Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Permits Unauthenticated Remote Access

  • Nov 14, 2025

Key Findings


  • Zoho Corporation has released an urgent security advisory addressing a critical-severity SQL injection vulnerability affecting Analytics Plus on-premise installations.

  • The vulnerability, tracked as CVE-2025-8324, has a CVSS score of 9.8 and allows unauthenticated remote attackers to execute arbitrary SQL queries.

  • Exploitation of this flaw can lead to unauthorized data exposure and, in severe cases, account takeover.


Background


Zoho Analytics Plus is a widely used enterprise analytics and business intelligence platform. The on-premise version of the software is affected by the vulnerability, which stems from insufficient input validation in specific backend components.


Impact


  • Unauthenticated attackers can execute arbitrary SQL queries, potentially leading to the unauthorized exposure of user information and account takeovers.

  • The flaw is particularly damaging when Analytics Plus is integrated into sensitive environments, as the vulnerability can be exploited without needing valid credentials.


Remediation


Zoho has released a fix in Analytics Plus Build 6171, addressing the vulnerability. Zoho instructs all on-premise customers to update immediately by:


  • Downloading the latest upgrade pack from the official service pack page

  • Following the upgrade instructions provided on that page


Mitigation for Unsupported Versions


For older, unsupported Analytics Plus versions that cannot be upgraded, Zoho recommends:


  • Closely monitoring the environment for any suspicious activity

  • Ensuring the product is not exposed to the internet

  • Considering a migration to a supported version or alternative analytics solution


Additional Considerations


Given the severity of the vulnerability and the widespread use of Analytics Plus, organizations should treat CVE-2025-8324 as a high-priority risk and apply the necessary updates as soon as possible.


Sources


  • https://securityonline.info/critical-asus-dsl-router-flaw-cve-2025-59367-cvss-9-3-allows-unauthenticated-remote-access/

  • https://securityonline.info/critical-zoho-analytics-plus-flaw-cve-2025-8324-cvss-9-8-allows-unauthenticated-sql-injection-and-data-takeover/


© 2025 by Explain IT Again. Powered and secured by Wix