A high-severity authentication vulnerability, identified as CVE-2025-1724, affected ManageEngine Analytics Plus on-premise versions before the 6130 build. Malicious actors could exploit the flaw to bypass AD authentication, gaining unauthorized access to user accounts and sensitive data. The issue was patched on March 11, 2025. Key management and encryption weaknesses allowed token capture and replay, leading to potential account takeovers and exposing organizations to data exfiltration, regulatory non-compliance, and escalation of privileges.
Source: https://cybersecuritynews.com/manage-engine-analytics-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/manageengine
"id": "man710031725",
"linkid": "manageengine",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'IT Management',
                        'name': 'ManageEngine',
                        'type': 'Software Company'}],
 'attack_vector': 'Bypass AD authentication',
 'data_breach': {'data_encryption': 'Key management and encryption weaknesses',
                 'data_exfiltration': 'Potential data exfiltration',
                 'type_of_data_compromised': ['user accounts',
                                              'sensitive data']},
 'date_resolved': 'March 11, 2025',
 'description': 'A high-severity authentication vulnerability, identified as '
                'CVE-2025-1724, affected ManageEngine Analytics Plus '
                'on-premise versions before the 6130 build. Malicious actors '
                'could exploit the flaw to bypass AD authentication, gaining '
                'unauthorized access to user accounts and sensitive data. The '
                'issue was patched on March 11, 2025. Key management and '
                'encryption weaknesses allowed token capture and replay, '
                'leading to potential account takeovers and exposing '
                'organizations to data exfiltration, regulatory '
                'non-compliance, and escalation of privileges.',
 'impact': {'data_compromised': ['user accounts', 'sensitive data']},
 'initial_access_broker': {'entry_point': 'Bypass AD authentication'},
 'motivation': 'Unauthorized access to user accounts and sensitive data',
 'post_incident_analysis': {'corrective_actions': 'Patch released',
                            'root_causes': ['Authentication vulnerability',
                                            'Key management and encryption '
                                            'weaknesses']},
 'response': {'remediation_measures': 'Patch released'},
 'title': 'Authentication Vulnerability in ManageEngine Analytics Plus',
 'type': 'Authentication Vulnerability',
 'vulnerability_exploited': 'CVE-2025-1724'}