CVE-2025-1724
Published: 17 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to CVE-2025-1724, an account takeover issue stemming from a hardcoded sensitive token, classified under CWE-798 (Use of Hard-coded Credentials). Published on 2025-03-17, this flaw carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N): high confidentiality and integrity impact, no availability impact.
The vulnerability enables an attacker with network access to take over an Active Directory (AD)-only account. No privileges or user interaction are required, but the attack complexity is rated high. Successful exploitation gives the attacker the access level of the compromised AD account, potentially allowing unauthorized data access and modification within the affected analytics platforms.
Official advisories from ManageEngine and Zoho detail the mitigation steps, available at https://www.manageengine.com/analytics-plus/CVE-2025-1724.html and https://www.zoho.com/analytics/onpremise/CVE-2025-1724.html. Organizations should upgrade to version 6130 or later, which removes the hardcoded token.
Details
- CWE(s): CWE-798 (Use of Hard-coded Credentials)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded token enables remote AD account takeover (T1078.002 Domain Accounts) via network-accessible on-premise analytics application (T1190 Exploit Public-Facing Application).