CVE-2025-11669
Unknown Unknown - Not Provided
Authorization Bypass in ManageEngine PAM360 and Related Products

Publication date: 2026-01-13

Last updated on: 2026-02-02

Assigner: ManageEngine

Description
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11669
EUVD
EUVD-2026-2357
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
zohocorp pam360 to 8202 (exc)
zohocorp password_manager_pro to 13221 (exc)
zohocorp access_manager_plus to 4401 (exc)
zohocorp manageengine_pam360 to 8.2 (inc)
zohocorp manageengine_pam360 8.2
zohocorp manageengine_access_manager_plus to 4.4 (inc)
zohocorp manageengine_access_manager_plus 4.4
zohocorp manageengine_password_manager_pro to 13.2 (inc)
zohocorp manageengine_password_manager_pro 13.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11669 is a high-severity authorization vulnerability in ManageEngine's Password Manager Pro, PAM360, and Access Manager Plus. It allows authenticated users to initiate remote sessions to any resource managed by these products, as long as those resources are accessible from the servers where the products are installed. This means users with some level of access can potentially access resources they should not be authorized to use. [1]

Impact Analysis

This vulnerability can lead to unauthorized access to critical resources by authenticated users, potentially exposing sensitive data or systems. Since it allows initiation of remote sessions without proper authorization checks, it can result in privilege escalation and compromise of confidentiality and integrity of managed resources. [1]

Mitigation Strategies

Users should download and apply the latest upgrade packs from ManageEngine’s official upgrade pages to update PAM360 to build 8202 or later, Password Manager Pro to build 13221 or later, and Access Manager Plus to build 4401 or later. For further assistance, users can contact ManageEngine support via the provided emails. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11669. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart