
Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Permits Unauthenticated Remote Access

  • Nov 14, 2025

Key Findings


  • Zoho Corporation has released an urgent security advisory addressing a critical-severity SQL injection vulnerability affecting Analytics Plus on-premise installations.

  • The vulnerability, tracked as CVE-2025-8324, has a CVSS score of 9.8 and allows unauthenticated remote attackers to execute arbitrary SQL queries.

  • Exploitation of this flaw can lead to unauthorized data exposure and, in severe cases, account takeover.


Background


Zoho Analytics Plus is a widely used enterprise analytics and business intelligence platform. The on-premise version of the software is affected by the vulnerability, which stems from insufficient input validation in specific backend components.


Impact


  • Unauthenticated attackers can execute arbitrary SQL queries, potentially leading to the unauthorized exposure of user information and account takeovers.

  • The flaw is particularly damaging when Analytics Plus is integrated into sensitive environments, as the vulnerability can be exploited without needing valid credentials.


Remediation


Zoho has released a fix in Analytics Plus Build 6171, addressing the vulnerability. Zoho instructs all on-premise customers to update immediately by:


  • Downloading the latest upgrade pack from the official service pack page

  • Following the upgrade instructions provided on that page


Mitigation for Unsupported Versions


For older, unsupported Analytics Plus versions that cannot be upgraded, Zoho recommends:


  • Closely monitoring the environment for any suspicious activity

  • Ensuring the product is not exposed to the internet

  • Considering a migration to a supported version or alternative analytics solution


Additional Considerations


Given the severity of the vulnerability and the widespread use of Analytics Plus, organizations should treat CVE-2025-8324 as a high-priority risk and apply the necessary updates as soon as possible.


Sources


  • https://securityonline.info/critical-asus-dsl-router-flaw-cve-2025-59367-cvss-9-3-allows-unauthenticated-remote-access/

  • https://securityonline.info/critical-zoho-analytics-plus-flaw-cve-2025-8324-cvss-9-8-allows-unauthenticated-sql-injection-and-data-takeover/

© 2025 by Explain IT Again. Powered and secured by Wix
