CVE-2025-11669
HIGHManageEngine PAM360 < 8.2, Password Manager Pro < 13.2, Access Manager Plus < 4.4 - Missing Authorization
Title source: llmDescription
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html
Scores
CVSS v3
8.1
EPSS
0.0001
EPSS Percentile
0.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (6)
zohocorp/manageengine_access_manager_plus
4.4 build4400
zohocorp/manageengine_access_manager_plus
< 4.4
zohocorp/manageengine_pam360
8.2 build8200 (2 CPE variants)
zohocorp/manageengine_pam360
< 8.2
zohocorp/manageengine_password_manager_pro
13.2 build13200 (3 CPE variants)
zohocorp/manageengine_password_manager_pro
< 13.2
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026