Threat Advisory

Critical Zoho Analytics Plus Vulnerability Allows Unauthorized Data Exposure

Threat: Vulnerability
Threat Actor Name: -
Threat Actor Type: -
Targeted Region: Global
Alias: -
Threat Actor Region: -
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

A critical SQL injection flaw tracked as CVE-2025-8324 with a CVSS score of 9.8 affects an on-premises analytics platform and allows unauthenticated attackers to run arbitrary SQL queries that can expose sensitive data and potentially lead to account takeover. The vulnerability originates from insufficient validation of user-supplied parameters within backend components, creating a severe risk for environments where the platform is used for analytics and data processing. Because exploitation does not require credentials, any externally exposed or poorly segmented deployment faces heightened danger, with possible consequences including data exfiltration, privilege escalation, and widespread compromise of stored information. The issue has been resolved in a new build update, and applying the latest patch is essential to mitigate the risk.

RECOMMENDATION:

We strongly recommend that you update Analytics Plus to the latest build, available at the link below: https://www.manageengine.com/analytics-plus/service-packs.html

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/critical-zoho-analytics-plus-flaw-cve-2025-8324-cvss-9-8-allows-unauthenticated-sql-injection-and-data-takeover/
