Zoho Analytics On-Premise Critical SQL Injection Vulnerability Allows Attackers to Takeover Data
Zoho Analytics on-premise installations were recently found to have a SQL Injection vulnerability- CVE-2025-8324 that exposes enterprise environments to risk. The flaw is prevalent in all Zohocorp ManageEngine products, built prior to the most recent patch and enables attackers to exploit weaknesses in the application’s input validation logic.
The flaw enables attackers to execute queries without authentication mainly arbitrary SQL injection, without prior authentication, leading to unauthorized data exposure and account takeovers.
| OEM | Zoho |
| Severity | Critical |
| CVSS Score | 9.8 |
| CVEs | CVE-2025-8324 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview Malicious actors can launch attacks remotely and takeover user accounts, sensitive analytics data and any connected business intelligence workflows. Administrators are urged to update to the latest version to mitigate this risk.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Unauthenticated SQL Injection | CVE-2025-8324 | Zoho Analytics On-Premise | Critical | 6171 and later |
Technical Summary
At the root of this flaw is improper input validation for user-supplied parameters within specific URLs of the Zoho Analytics Plus backend.
This allows arbitrary SQL queries to be executed by anyone with network access to the service, even if they have no login credentials. Zoho has enforced input checks and removing vulnerable backend components altogether.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-8324 | Zoho Analytics Plus On-Premise | An unauthenticated SQL injection vulnerability caused by improper input validation allowing attackers to inject arbitrary SQL queries remotely without authentication. | Account takeover, user data leak |
Recommendations
- Organizations must update Zoho Analytics Plus On-Premises immediately to the Build 6171 version or later.
Here are some recommendations you can follow
- Enforce patch deployment across all managed analytics instances to ensure consistency and security.
- Continuously monitor logs for unusual SQL query activities or access attempts that could indicate exploitation attempts.
Conclusion:
The Zoho Analytics On-Premise deployments, could enable full data and account compromise through unauthenticated SQL injection. CVE-2025-8324 represents a critical security risk, classified at the highest severity level due to its potential impact and ease of exploitation.
Although no active exploitation has been detected to date, the severity of the flaw demands immediate attention. Immediate patching is essential to secure environments and prevent any chance of data compromise or unauthorized access.
References:
Recent Comments