CVE-2025-8324 CRITICAL

CVE-2025-8324: SQL Injection

Vendor Zohocorp

Product ManageEngine Analytics Plus

Weakness CWE-89 · SQLi

Published November 11, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

Key dates

02Disclosure timeline

November 11, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8324

Related vulnerabilities

04Related CVE

CVE-2026-3785 EasyCMS Request Parameter RbacnodeAction.class.php sql injection CVE-2025-0942 Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection CVE-2024-7278 itsourcecode Alton Management System team_save.php sql injection CVE-2024-11212 SourceCodester Best Employee Management System fetch_product_details.php sql injection CVE-2025-12411 Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection