Cyber Security News

ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine’s Analytics Plus on-premise solution, affecting all Windows builds below version 6130.

This high-severity vulnerability, designated as CVE-2025-1724, allows unauthorized access to authenticated AD user accounts, potentially leading to account takeovers and exposure of sensitive user information.

CVE-2025-1724: AD Authentication User Account Takeover Vulnerability

This critical issue impacts organizations that use Analytics Plus on-premise with Windows-based Active Directory (AD) authentication, provided that Active Directory Single Sign-On (SSO) is not configured.

The vulnerability allows attackers to exploit weaknesses in the system’s authentication mechanism.

Affected Products:

Product NameAffected Software Version(s)Fixed VersionFixed On
Analytics Plus on-premiseAll Analytics Plus on-premise Windows builds below 6130Build 6130March 11, 2025

The vulnerability poses a significant risk as it could result in unauthorized access to user accounts, leading to potential data breaches and other malicious activities.

This could severely compromise the confidentiality, integrity, and availability of user data.

The vulnerability specifically affects Windows installations of Analytics Plus on-premise where users authenticate through Active Directory without using Active Directory SSO.

Organizations with this setup are at risk unless they apply the necessary updates.

ManageEngine has addressed this issue by enhancing security measures to generate installation-specific keys and storing them with robust encryption.

This modification ensures that user accounts are better protected against unauthorized access.

Steps to Upgrade:

To mitigate this vulnerability, users are advised to follow these steps:

  1. Download the Latest Upgrade Pack: Visit the service pack page to download the latest upgrade pack for Analytics Plus on-premise.
  2. Follow Upgrade Instructions: Refer to the detailed instructions provided on the service pack page to successfully upgrade to build 6130 or later.

Recommendations:

  • Prompt Action: Organizations using affected versions of Analytics Plus on-premise should take immediate action to upgrade to the fixed version.
  • Security Audits: Regularly conduct security audits to identify and patch vulnerabilities before they become exploited.
  • User Awareness: Educate users about the importance of keeping software up-to-date to avoid potential security risks.

The recent discovery and fixing of CVE-2025-1724 highlights the importance of maintaining updated software and robust security practices to protect against user account takeovers and data breaches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

2 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

2 days ago