CVE-2025-9428: SQL Injection Vulnerability in Zoho Analytics On-Premise
Severity: High
CVE ID: CVE-2025-9428
Product name | Affected Software Version(s) | Fixed Version | Fixed On |
---|---|---|---|
Zoho Analytics On-Premise | Zoho Analytics On-Premise builds below 6171 | Build 6200 | September 02, 2025 |
Details
A SQL injection vulnerability (CVE-2025-9428) has been identified in Zoho Analytics On-Premise. This vulnerability could allow an authenticated user to execute arbitrary SQL queries due to insufficient input validation.
Impact
This vulnerability allows authenticated users to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or database disruption.
Fix
The issue has been resolved by implementing restrictions on the usage of specific keywords in SQL queries.
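Added example, not Zoho's code: one way a keyword restriction like the one described above can be enforced on user-submitted SQL, matching keywords as whole tokens outside string literals instead of by substring. The keyword list, the function names and the ANSI-style quoting rules are assumptions; the advisory does not publish which keywords are restricted or how.

```python
import re

# Constructed denylist: the advisory does not say which keywords the fix restricts.
RESTRICTED = frozenset({"ALTER", "COPY", "CREATE", "DELETE", "DROP", "EXECUTE",
                        "GRANT", "INSERT", "TRUNCATE", "UPDATE"})

# Lexer for ANSI-style SQL (assumption). Literals containing a backslash are
# deliberately not recognised, so dialects with backslash escapes fail closed.
_TOKEN = re.compile(r"""
    (?P<literal>'(?:[^'\\]|'')*')       # 'text' with '' as the escaped quote
  | (?P<quoted_ident>"(?:[^"\\]|"")*")  # "identifier"
  | (?P<comment>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)
_WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def restricted_keywords(sql: str) -> list[str]:
    """Return restricted keywords used outside literals, in order of appearance."""
    hits = []
    for m in _TOKEN.finditer(sql):
        if m.lastgroup in ("literal", "quoted_ident"):
            continue  # data, not SQL syntax
        # Comments are scanned too: some engines execute versioned comments,
        # and scanning them keeps the check conservative.
        for word in _WORD.findall(m.group()):
            if word.upper() in RESTRICTED:
                hits.append(word.upper())
    return hits


def is_allowed(sql: str) -> bool:
    """True when the query uses none of the restricted keywords."""
    return not restricted_keywords(sql)
```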
Steps to upgrade
- Kindly download the latest upgrade pack from the service pack page.
- Follow the instructions detailed in the above service pack page to upgrade to the latest build.
For any questions or concerns, please write to us at onprem-support@zohoanalytics.com