CVE-2025-1724
Published: 17 March 2025
Summary
CVE-2025-1724 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in ManageEngine (vendor inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Domain Accounts (T1078.002). The CVE ranks in the top 19.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
Zohocorp ManageEngine Analytics Plus and Zoho Analytics on-premise versions prior to 6130 contain a hardcoded sensitive token that enables an Active Directory-only account takeover. The flaw is tracked as CVE-2025-1724 and carries a CVSS 3.1 score of 7.4, reflecting network attack vectors, high attack complexity, and no required privileges or user interaction. It is classified under CWE-798 for use of hard-coded credentials.
An unauthenticated remote attacker who obtains the embedded token can impersonate or seize control of AD-integrated accounts within the affected analytics deployments, resulting in high impact to confidentiality and integrity. The vulnerability does not affect availability and is limited to on-premise installations that have not been upgraded to build 6130 or later.
Official advisories published by ManageEngine and Zoho at the referenced URLs direct administrators to apply the 6130 or later builds to eliminate the hardcoded token. The associated EPSS scores remain low, with a current value of 0.0132 and a recorded peak of 0.0226.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6463
Vulnerability details
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD-only account takeover because of a hardcoded sensitive token.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The hardcoded token enables remote AD account takeover (T1078.002 Domain Accounts) via the network-accessible on-premise analytics application (T1190 Exploit Public-Facing Application).
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly remediates the hardcoded sensitive token vulnerability by requiring timely identification, reporting, and patching to version 6130 or later.
IA-5 (Authenticator Management): prohibits and manages authenticators such as hardcoded tokens to prevent their use in AD authentication, directly addressing CWE-798.
Account management: enforces practices such as disabling unused AD-only accounts or restricting their privileges to limit the impact of a takeover.