Platform
manageengine
Component
manageengine-analytics-plus
Fixed in
6171
CVE-2025-8324 describes a critical SQL Injection vulnerability present in ManageEngine Analytics Plus versions 0 through 6170. This vulnerability allows an unauthenticated attacker to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability was published on November 11, 2025, and a fix is available in version 6171.
The impact of this SQL Injection vulnerability is severe. An attacker can leverage it to bypass authentication and directly query the database, potentially extracting sensitive information such as user credentials, business data, and configuration details. Successful exploitation could lead to complete data compromise, denial of service, and even remote code execution if the database user has sufficient privileges. Given the unauthenticated nature of the vulnerability, it poses a significant risk to any deployment of ManageEngine Analytics Plus within the affected version range. This vulnerability shares similarities with other SQL Injection attacks where attackers leverage improper input validation to gain unauthorized database access.
CVE-2025-8324 is currently not listed on the CISA KEV catalog. The EPSS score is likely to be high given the unauthenticated nature and CRITICAL CVSS score. Public proof-of-concept exploits are anticipated to emerge given the ease of exploitation and the severity of the vulnerability. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS
4.22% (89% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-8324 is to immediately upgrade ManageEngine Analytics Plus to version 6171 or later, which contains the fix. If upgrading is not immediately feasible, implement temporary workarounds. These include deploying a Web Application Firewall (WAF) with rules to filter out potentially malicious SQL queries. Additionally, strengthen input validation routines within the application to sanitize user-supplied data before it is used in SQL queries. Consider implementing stricter database user permissions, limiting the privileges of the database user used by Analytics Plus to only those absolutely necessary. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the affected endpoints and verifying that the input is properly sanitized.
Actualizar ManageEngine Analytics Plus a la versión 6171 o superior. Esta actualización corrige la vulnerabilidad de inyección SQL no autenticada debido a una configuración de filtro incorrecta.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-8324 is a CRITICAL SQL Injection vulnerability affecting ManageEngine Analytics Plus versions 0–6170, allowing unauthenticated attackers to inject malicious SQL code and potentially extract sensitive data.
If you are running ManageEngine Analytics Plus versions 0 through 6170, you are vulnerable to this SQL Injection flaw. Upgrade to version 6171 or later to mitigate the risk.
The recommended fix is to upgrade to ManageEngine Analytics Plus version 6171 or later. As a temporary workaround, implement a WAF and strengthen input validation.
While there are no confirmed reports of active exploitation at this time, the vulnerability's severity and ease of exploitation suggest that it is likely to be targeted by attackers.
Refer to the official ManageEngine security advisory for detailed information and remediation steps: [https://www.manageengine.com/security-alerts/]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.