Cyber Security News

ManageEngine Analytics Vulnerability Enables User Account Takeover

A significant security vulnerability has been identified in ManageEngine’s Analytics Plus on-premise solution, affecting all Windows builds below version 6130.

This high-severity vulnerability, designated as CVE-2025-1724, allows unauthorized access to authenticated AD user accounts, potentially leading to account takeovers and exposure of sensitive user information.

CVE-2025-1724: AD Authentication User Account Takeover Vulnerability

This critical issue impacts organizations that use Analytics Plus on-premise with Windows-based Active Directory (AD) authentication, provided that Active Directory Single Sign-On (SSO) is not configured.

The vulnerability allows attackers to exploit weaknesses in the system’s authentication mechanism.

Affected Products:

Product NameAffected Software Version(s)Fixed VersionFixed On
Analytics Plus on-premiseAll Analytics Plus on-premise Windows builds below 6130Build 6130March 11, 2025

The vulnerability poses a significant risk as it could result in unauthorized access to user accounts, leading to potential data breaches and other malicious activities.

This could severely compromise the confidentiality, integrity, and availability of user data.

The vulnerability specifically affects Windows installations of Analytics Plus on-premise where users authenticate through Active Directory without using Active Directory SSO.

Organizations with this setup are at risk unless they apply the necessary updates.

ManageEngine has addressed this issue by enhancing security measures to generate installation-specific keys and storing them with robust encryption.

This modification ensures that user accounts are better protected against unauthorized access.

Steps to Upgrade:

To mitigate this vulnerability, users are advised to follow these steps:

  1. Download the Latest Upgrade Pack: Visit the service pack page to download the latest upgrade pack for Analytics Plus on-premise.
  2. Follow Upgrade Instructions: Refer to the detailed instructions provided on the service pack page to successfully upgrade to build 6130 or later.

Recommendations:

  • Prompt Action: Organizations using affected versions of Analytics Plus on-premise should take immediate action to upgrade to the fixed version.
  • Security Audits: Regularly conduct security audits to identify and patch vulnerabilities before they become exploited.
  • User Awareness: Educate users about the importance of keeping software up-to-date to avoid potential security risks.

The recent discovery and fixing of CVE-2025-1724 highlights the importance of maintaining updated software and robust security practices to protect against user account takeovers and data breaches.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

11 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

11 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

12 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

13 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

13 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

14 hours ago