A significant security vulnerability has been identified in ManageEngine’s Analytics Plus on-premise solution, affecting all Windows builds below version 6130.
This high-severity vulnerability, designated as CVE-2025-1724, allows unauthorized access to authenticated AD user accounts, potentially leading to account takeovers and exposure of sensitive user information.
This critical issue impacts organizations that use Analytics Plus on-premise with Windows-based Active Directory (AD) authentication, provided that Active Directory Single Sign-On (SSO) is not configured.
The vulnerability allows attackers to exploit weaknesses in the system’s authentication mechanism.
Affected Products:
Product Name | Affected Software Version(s) | Fixed Version | Fixed On |
Analytics Plus on-premise | All Analytics Plus on-premise Windows builds below 6130 | Build 6130 | March 11, 2025 |
The vulnerability poses a significant risk as it could result in unauthorized access to user accounts, leading to potential data breaches and other malicious activities.
This could severely compromise the confidentiality, integrity, and availability of user data.
The vulnerability specifically affects Windows installations of Analytics Plus on-premise where users authenticate through Active Directory without using Active Directory SSO.
Organizations with this setup are at risk unless they apply the necessary updates.
ManageEngine has addressed this issue by enhancing security measures to generate installation-specific keys and storing them with robust encryption.
This modification ensures that user accounts are better protected against unauthorized access.
Steps to Upgrade:
To mitigate this vulnerability, users are advised to follow these steps:
Recommendations:
The recent discovery and fixing of CVE-2025-1724 highlights the importance of maintaining updated software and robust security practices to protect against user account takeovers and data breaches.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…
The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…
SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…
F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…
The healthcare sector has emerged as a prime target for cyber attackers, driven by the…
Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…