ManageEngine Analytics Plus security updates

CVE-2025-9428: SQL Injection Vulnerability in Analytics Plus on-premise

Severity: High

CVE ID: CVE-2025-9428

Product name	Affected Software Version(s)	Fixed Version	Fixed On
Analytics Plus on-premise	Analytics Plus on-premise builds below 6171	Build 6200	September 02, 2025

Details

A SQL injection vulnerability (CVE-2025-9428) has been identified in Analytics Plus. This vulnerability could allow an authenticated user to execute arbitrary SQL queries due to insufficient input validation.

Impact

This vulnerability allows authenticated users to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or database disruption.

Fix

The issue has been resolved by implementing restrictions on the usage of specific keywords in SQL queries.

Steps to upgrade

Kindly download the latest upgrade pack from the service pack page.
Follow the instructions detailed in the above service pack page to upgrade to the latest build.

For any questions or concerns, please write to us at:

EU region: analyticsplus-support@manageengine.eu
Other regions: analyticsplus-support@manageengine.com

CVE-2025-9428: SQL Injection Vulnerability in Analytics Plus on-premise

Resources

Product

Support

Connect with us: