A significant security vulnerability has been identified in ManageEngine’s Analytics Plus on-premise solution, affecting all Windows builds below version 6130.
This high-severity vulnerability, designated as CVE-2025-1724, allows unauthorized access to authenticated AD user accounts, potentially leading to account takeovers and exposure of sensitive user information.
This critical issue impacts organizations that use Analytics Plus on-premise with Windows-based Active Directory (AD) authentication, provided that Active Directory Single Sign-On (SSO) is not configured.
The vulnerability allows attackers to exploit weaknesses in the system’s authentication mechanism.
Affected Products:
Product Name | Affected Software Version(s) | Fixed Version | Fixed On |
Analytics Plus on-premise | All Analytics Plus on-premise Windows builds below 6130 | Build 6130 | March 11, 2025 |
The vulnerability poses a significant risk as it could result in unauthorized access to user accounts, leading to potential data breaches and other malicious activities.
This could severely compromise the confidentiality, integrity, and availability of user data.
The vulnerability specifically affects Windows installations of Analytics Plus on-premise where users authenticate through Active Directory without using Active Directory SSO.
Organizations with this setup are at risk unless they apply the necessary updates.
ManageEngine has addressed this issue by enhancing security measures to generate installation-specific keys and storing them with robust encryption.
This modification ensures that user accounts are better protected against unauthorized access.
Steps to Upgrade:
To mitigate this vulnerability, users are advised to follow these steps:
Recommendations:
The recent discovery and fixing of CVE-2025-1724 highlights the importance of maintaining updated software and robust security practices to protect against user account takeovers and data breaches.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…