Cyber Resilience

CVE-2025-8324

Severity: Critical
Published: 11 November 2025
Modified: 15 April 2026
KEV added: not listed in the CISA KEV catalog
CVSS v3.1 base score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0912 (92.9th percentile)
Risk priority: 25 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-8324 is a critical-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 7.1% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Zohocorp ManageEngine Analytics Plus versions 6170 and below contain an unauthenticated SQL injection vulnerability (CWE-89) stemming from improper filter configuration. The flaw carries a CVSS 3.1 base score of 9.8 with network attack vector, low complexity, and no required authentication or user interaction, allowing complete compromise of confidentiality, integrity, and availability.

An attacker with network access to the affected Analytics Plus instance can submit crafted requests that bypass filters and execute arbitrary SQL commands against the backend database. Successful exploitation grants the ability to read, modify, or delete data and potentially escalate to full system control without any credentials.

The vendor has published an advisory at https://www.manageengine.com/analytics-plus/CVE-2025-8324.html that addresses the issue. The associated EPSS score has remained flat at 0.0912 with no material increase since disclosure.

Vulnerability details

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

CWE(s): CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.
Why these techniques?

Unauthenticated SQL injection in a public-facing web application directly enables T1190 (Exploit Public-Facing Application). Once exploited, the flaw allows arbitrary SQL queries against the backend database, which supports data collection and exfiltration from databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25537 (shared CWE-89)
CVE-2019-25366 (shared CWE-89)
CVE-2019-25496 (shared CWE-89)
CVE-2026-1475 (shared CWE-89)
CVE-2026-26990 (shared CWE-89)
CVE-2026-44047 (shared CWE-89)
CVE-2025-12865 (shared CWE-89)
CVE-2024-11135 (shared CWE-89)
CVE-2019-25491 (shared CWE-89)
CVE-2024-13369 (shared CWE-89)

Affected Assets

Zohocorp ManageEngine Analytics Plus, versions 6170 and below (affected product inferred from the references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent)
Directly mitigates unauthenticated SQL injection by requiring validation of all information inputs to block malicious SQL code execution.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of flaws like this specific SQL injection vulnerability through patching.

Secure configuration settings (prevent)
Ensures establishment and enforcement of secure configuration settings, including proper filter configurations to address the improper filter causing the SQL injection.