Critical Zoho Analytics Plus Flaw Allows Attackers to Run Arbitrary SQL Queries
gbhackers

A critical unauthenticated SQL injection vulnerability has been discovered in Zoho Analytics Plus on-premise, posing a severe risk to organizations running affected versions.
Tracked as CVE-2025-8324, this flaw enables attackers to execute arbitrary SQL queries without authentication, potentially leading to unauthorized data exposure and account takeovers.
| CVE ID | Product | Severity | Affected Versions | Fixed Version |
|---|---|---|---|---|
| CVE-2025-8324 | Analytics Plus on-premise | Critical | Below Build 6170 | Build 6171 |
Vulnerability Overview
The vulnerability stems from insufficient input validation in Analytics Plus on-premises builds before 6170. Attackers can exploit this weakness to bypass authentication mechanisms and directly interact with the backend database.
This type of vulnerability is particularly dangerous because it requires no user interaction and can be exploited remotely by unauthenticated threat actors.
CVE-2025-8324 represents a critical security risk, classified at the highest severity level due to its potential impact and ease of exploitation.
The flaw affects organizations using older versions of the software, leaving them ...
Copyright of this story solely belongs to gbhackers.

