CVE-2025-11669 - Vulnerability Details - OpenCVE

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Zohocorp	Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro

No data.

No data.

No data.

References

Link	Providers
https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html

History

Tue, 13 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Title		Broken Access Control
First Time appeared		Zohocorp Zohocorp manageengine Access Manager Plus Zohocorp manageengine Pam360 Zohocorp manageengine Password Manager Pro
Weaknesses		CWE-862
CPEs		cpe:2.3:a:zohocorp:manageengine_access_manager_plus:::::::: cpe:2.3:a:zohocorp:manageengine_pam360:::::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro::::::::
Vendors & Products		Zohocorp Zohocorp manageengine Access Manager Plus Zohocorp manageengine Pam360 Zohocorp manageengine Password Manager Pro
References		https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Zohocorp

Published: 2026-01-13T14:10:55.954Z

Updated: 2026-01-13T14:48:13.832Z

Reserved: 2025-10-13T04:36:27.412Z

Link: CVE-2025-11669

Vulnrichment

Updated: 2026-01-13T14:48:02.877Z

NVD

Status : Received

Published: 2026-01-13T14:16:37.160

Modified: 2026-01-13T14:16:37.160

Link: CVE-2025-11669

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11669", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "state": "PUBLISHED", "assignerShortName": "Zohocorp", "dateReserved": "2025-10-13T04:36:27.412Z", "datePublished": "2026-01-13T14:10:55.954Z", "dateUpdated": "2026-01-13T14:48:13.832Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ManageEngine PAM360", "vendor": "Zohocorp", "versions": [{"lessThan": "8202", "status": "affected", "version": "0", "versionType": "8202"}]}, {"defaultStatus": "unaffected", "product": "ManageEngine Password Manager Pro", "vendor": "Zohocorp", "versions": [{"lessThan": "13221", "status": "affected", "version": "0", "versionType": "13221"}]}, {"defaultStatus": "unaffected", "product": "ManageEngine Access Manager Plus", "vendor": "Zohocorp", "versions": [{"lessThan": "4401", "status": "affected", "version": "0", "versionType": "4401"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", "versionEndExcluding": "8202", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", "versionEndExcluding": "13221", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", "versionEndExcluding": "4401", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Zohocorp</span> ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.</p>"}], "value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "Zohocorp", "dateUpdated": "2026-01-13T14:10:55.954Z"}, "references": [{"url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Broken Access Control", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T14:47:53.007785Z", "id": "CVE-2025-11669", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:48:13.832Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-13T14:47:53.007785Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:48:02.877Z"}}], "cna": {"title": "Broken Access Control", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zohocorp", "product": "ManageEngine PAM360", "versions": [{"status": "affected", "version": "0", "lessThan": "8202", "versionType": "8202"}], "defaultStatus": "unaffected"}, {"vendor": "Zohocorp", "product": "ManageEngine Password Manager Pro", "versions": [{"status": "affected", "version": "0", "lessThan": "13221", "versionType": "13221"}], "defaultStatus": "unaffected"}, {"vendor": "Zohocorp", "product": "ManageEngine Access Manager Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "4401", "versionType": "4401"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Zohocorp</span> ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "8202", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "13221", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4401", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "Zohocorp", "dateUpdated": "2026-01-13T14:10:55.954Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11669", "state": "PUBLISHED", "dateUpdated": "2026-01-13T14:48:13.832Z", "dateReserved": "2025-10-13T04:36:27.412Z", "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "datePublished": "2026-01-13T14:10:55.954Z", "assignerShortName": "Zohocorp"}, "dataVersion": "5.2"}