What is CVE-2025-8324?

CVE-2025-8324 is a critical SQL injection vulnerability with a CVSS score of 9.8 affecting Zoho Analytics Plus on-premise software. The flaw is caused by insufficient input validation and enables attackers to execute arbitrary SQL queries without authentication.

What product is affected by CVE-2025-8324?

The vulnerability affects Zoho Analytics Plus on-premise software, specifically builds below 6170.

What versions of Zoho Analytics Plus are vulnerable to CVE-2025-8324?

Analytics Plus on-premise builds below 6170 are vulnerable to CVE-2025-8324.

What is the patched version for CVE-2025-8324?

The vulnerability is patched in Analytics Plus on-premise Build 6171. Organizations should immediately upgrade to this version or later.

What should organizations do to protect against CVE-2025-8324?

Organizations running Analytics Plus on-premise should immediately upgrade to Build 6171 or later. They should also audit their systems for signs of potential exploitation before applying patches, including looking for suspicious SQL query patterns, examining user account creation and modification records for unauthorized changes, and investigating any unusual administrative actions.

What causes the Zoho Analytics Plus SQL injection vulnerability?

The vulnerability is caused by insufficient input validation in Analytics Plus on-premise software, which allows attackers to inject and execute arbitrary SQL queries without proper authentication.

Advisory

Critical unauthenticated SQL Injection flaw reported in on-premise Zoho Analytics Plus

Q: What can attackers do with the Zoho Analytics Plus vulnerability?

Attackers can execute arbitrary SQL queries without authentication, allowing them to access sensitive user data stored in Analytics Plus databases, including credentials, personal information, and business intelligence. They can also take over accounts.

published: Nov. 14, 2025

Take action: If you have Zoho Analytics Plus on-premise (builds below 6170), time for a very quick update. There's an SQL injection flaw that enables full system compromise, so don't delay. Upgrade to Build 6171 and check your logs for suspicious SQL queries and unauthorized account changes.

Learn More

Zoho is reporting an SQL injection flaw in its Analytics Plus on-premise software that enables attackers to execute arbitrary SQL queries without authentication.

The vulnerability is tracked as CVE-2025-8324 (CVSS score 9.8) and is by insufficient input validation in Analytics Plus on-premise builds before 6170. Attackers can access sensitive user data stored in Analytics Plus databases, including credentials, personal information, and business intelligence or take over accounts.

Affected versions are Analytics Plus on-premise builds below 6170.

The flaw is patched in Analytics Plus on-premise Build 6171.

Organizations running Analytics Plus on-premise should immediately upgrade to the latest build and should audit their systems for signs of potential exploitation before applying patches. Security teams should look for suspicious SQL query patterns, examine user account creation and modification records for unauthorized changes, and investigate any unusual administrative actions.

Critical unauthenticated SQL Injection flaw reported in on-premise Zoho Analytics Plus

Read More
CISA Warns of Active Exploitation in Apache ActiveMQ …
Significant security flaw discovered in PostgreSQL PL/Perl
Critical deserialization flaw in Apache ActiveMQ NMS AMQP …
Critical Memory Leak and Session Hijacking Vulnerabilities Patched …
JumpServer carries critical vulnerabilities in it's Ansible, patch …