Cyber Posture

CVE-2025-9428

High

Published: 21 October 2025

Published
21 October 2025
Modified
23 October 2025
KEV Added
Patch
CVSS Score 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0059 69.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may leverage databases to mine valuable information.

Security Summary

CVE-2025-9428 is an authenticated SQL injection vulnerability (CWE-89) in Zoho Corp's ManageEngine Analytics Plus versions 6171 and prior. The issue resides in the key update API, enabling malicious SQL queries when improperly handled. Published on 2025-10-21, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to network accessibility and significant impact potential.

Low-privileged authenticated users can exploit this vulnerability remotely with low attack complexity and no user interaction required. Exploitation allows attackers to achieve high confidentiality and integrity impacts, such as extracting sensitive data or altering database contents, while causing limited availability disruption within the unchanged scope.

Mitigation details are available in the vendor advisory at https://www.manageengine.com/analytics-plus/CVE-2025-9428.html.

Details

CWE(s)
CWE-89

Affected Products

zohocorp
manageengine analytics plus
6.1 · ≤ 6.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
attack.mitre.org →
Why these techniques?

Authenticated SQL injection in a network-accessible web API enables exploitation of a public-facing application (T1190) and direct access to extract or manipulate data from databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References