CVE-2025-11669
Unknown Unknown - Not Provided

Authorization Bypass in ManageEngine PAM360 and Related Products

Vulnerability report for CVE-2025-11669, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-02-02

Assigner: ManageEngine

Description

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-02-02
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
zohocorp pam360 to 8202 (exc)
zohocorp password_manager_pro to 13221 (exc)
zohocorp access_manager_plus to 4401 (exc)
zohocorp manageengine_pam360 to 8.2 (inc)
zohocorp manageengine_pam360 8.2
zohocorp manageengine_access_manager_plus to 4.4 (inc)
zohocorp manageengine_access_manager_plus 4.4
zohocorp manageengine_password_manager_pro to 13.2 (inc)
zohocorp manageengine_password_manager_pro 13.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-11669 is a high-severity authorization vulnerability in ManageEngine's Password Manager Pro, PAM360, and Access Manager Plus. It allows authenticated users to initiate remote sessions to any resource managed by these products, as long as those resources are accessible from the servers where the products are installed. This means users with some level of access can potentially access resources they should not be authorized to use. [1]

Impact Analysis

This vulnerability can lead to unauthorized access to critical resources by authenticated users, potentially exposing sensitive data or systems. Since it allows initiation of remote sessions without proper authorization checks, it can result in privilege escalation and compromise of confidentiality and integrity of managed resources. [1]

Mitigation Strategies

Users should download and apply the latest upgrade packs from ManageEngine’s official upgrade pages to update PAM360 to build 8202 or later, Password Manager Pro to build 13221 or later, and Access Manager Plus to build 4401 or later. For further assistance, users can contact ManageEngine support via the provided emails. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11669. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart