CVE-2025-11669

Published Jan 13, 2026

Last updated a month ago

CVSS high 8.1

Overview

Description: Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Source: 0fc0942c-577d-436f-ae8e-945763c79b02
NVD status: Analyzed
Products: manageengine_pam360, manageengine_access_manager_plus, manageengine_password_manager_pro

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

0fc0942c-577d-436f-ae8e-945763c79b02: CWE-862

Hype score: Not currently trending

🟠 CVE-2025-11669 - High Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the ini... https://t.co/2OsCpA7Z49 https://t.co/8FVJI1a4bf
@TheHackerWire
13 Jan 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CF414A47-847B-4423-85BA-3BE7721CB631",
            "versionEndExcluding": "8.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:8.2:build8200:*:*:*:*:*:*",
            "matchCriteriaId": "F1942CE8-BDBD-4C8B-A1A5-BC343A403EF6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:8.2:build8201:*:*:*:*:*:*",
            "matchCriteriaId": "C03FD6F2-1C37-4EDE-925C-2793DEA837D2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "978659AB-47FC-4067-9D69-FAE21D87AE76",
            "versionEndExcluding": "4.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.4:build4400:*:*:*:*:*:*",
            "matchCriteriaId": "20880A1B-E33E-4028-935B-F6308397270D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "3F6A6153-F358-4D49-9C30-50E418346769",
            "versionEndExcluding": "13.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:13.2:build13200:*:*:-:*:*:*",
            "matchCriteriaId": "A7B3FD1F-E984-4BF5-BFDE-A4F8DF8D3252",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:13.2:build13210:*:*:-:*:*:*",
            "matchCriteriaId": "83144A70-3F05-427B-84BD-6D68575812B0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:13.2:build13220:*:*:-:*:*:*",
            "matchCriteriaId": "5FFFD4D0-0A63-4915-9BC6-016B3FA0BE98",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References