ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine’s Analytics Plus on-premise solution, affecting all Windows builds below version 6130.

This high-severity vulnerability, designated as CVE-2025-1724, allows unauthorized access to authenticated AD user accounts, potentially leading to account takeovers and exposure of sensitive user information.

CVE-2025-1724: AD Authentication User Account Takeover Vulnerability

This critical issue impacts organizations that use Analytics Plus on-premise with Windows-based Active Directory (AD) authentication, provided that Active Directory Single Sign-On (SSO) is not configured.

The vulnerability allows attackers to exploit weaknesses in the system’s authentication mechanism.

Affected Products:

Product Name	Affected Software Version(s)	Fixed Version	Fixed On
Analytics Plus on-premise	All Analytics Plus on-premise Windows builds below 6130	Build 6130	March 11, 2025

The vulnerability poses a significant risk as it could result in unauthorized access to user accounts, leading to potential data breaches and other malicious activities.

This could severely compromise the confidentiality, integrity, and availability of user data.

The vulnerability specifically affects Windows installations of Analytics Plus on-premise where users authenticate through Active Directory without using Active Directory SSO.

Organizations with this setup are at risk unless they apply the necessary updates.

ManageEngine has addressed this issue by enhancing security measures to generate installation-specific keys and storing them with robust encryption.

This modification ensures that user accounts are better protected against unauthorized access.

Steps to Upgrade:

To mitigate this vulnerability, users are advised to follow these steps:

1. Download the Latest Upgrade Pack: Visit the service pack page to download the latest upgrade pack for Analytics Plus on-premise.
2. Follow Upgrade Instructions: Refer to the detailed instructions provided on the service pack page to successfully upgrade to build 6130 or later.

Recommendations:

• Prompt Action: Organizations using affected versions of Analytics Plus on-premise should take immediate action to upgrade to the fixed version.
• Security Audits: Regularly conduct security audits to identify and patch vulnerabilities before they become exploited.
• User Awareness: Educate users about the importance of keeping software up-to-date to avoid potential security risks.

The recent discovery and fixing of CVE-2025-1724 highlights the importance of maintaining updated software and robust security practices to protect against user account takeovers and data breaches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.