CVE-2025-11669

EUVD-2026-2357
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
ZohocorpCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_pam360
𝑥
< 8.2
zohocorpmanageengine_pam360
8.2:build8200
zohocorpmanageengine_pam360
8.2:build8201
zohocorpmanageengine_access_manager_plus
𝑥
< 4.4
zohocorpmanageengine_access_manager_plus
4.4:build4400
zohocorpmanageengine_password_manager_pro
𝑥
< 13.2
zohocorpmanageengine_password_manager_pro
13.2:build13200
zohocorpmanageengine_password_manager_pro
13.2:build13210
zohocorpmanageengine_password_manager_pro
13.2:build13220
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html