Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
References
| Link | Resource |
|---|---|
| https://www.manageengine.com/analytics-plus/CVE-2025-9428.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Oct 2025, 14:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.manageengine.com/analytics-plus/CVE-2025-9428.html - Vendor Advisory | |
| CPE | cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6130:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6160:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6170:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6150:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:6.1:6171:*:*:*:*:*:* |
|
| First Time |
Zohocorp
Zohocorp manageengine Analytics Plus |
21 Oct 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-21 12:15
Updated : 2025-10-23 14:00
NVD link : CVE-2025-9428
Mitre link : CVE-2025-9428
CVE.ORG link : CVE-2025-9428
JSON object : View
Products Affected
zohocorp
- manageengine_analytics_plus
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')