CVE-2025-8324: Unauthenticated SQL Injection Vulnerability in Zoho Analytics On-Premise

Severity: Critical

CVE ID: CVE-2025-8324

| Product name | Affected Software Version(s) | Fixed Version | Fixed On |
|---|---|---|---|
| Zoho Analytics On-Premise | Zoho Analytics On-Premise builds below 6170 | Build 6171 | August 01, 2025 |

Details

An unauthenticated SQL injection vulnerability (CVE-2025-8324) has been identified in Zoho Analytics On-Premise. This vulnerability could allow attackers to execute arbitrary SQL queries due to insufficient input validation.

Impact

This vulnerability could lead to the unauthorized exposure of user information, potentially resulting in account takeovers.

Fix

The issue has been resolved by enforcing strict restrictions on vulnerable URLs and removing the insecure code.

Steps to upgrade

  1. Kindly download the latest upgrade pack from the service pack page.
  2. Follow the instructions detailed in the above service pack page to upgrade to the latest build.

Acknowledgements

This vulnerability was reported by devme4f from VNPT-VCI through our Bug Bounty portal.

For any questions or concerns, please write to us at onprem-support@zohoanalytics.com