vulnerability

Zoho ManageEngine PAM360: CVE-2025-11669: Missing Authorization Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:S/C:C/I:C/A:N)	Oct 13, 2025	Jan 13, 2026	Jan 14, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:N)

Published

Oct 13, 2025

Added

Jan 13, 2026

Modified

Jan 14, 2026

Description

Zohocorp ManageEngine PAM360 versions before 8202 Password Manager Pro versions before 13221 Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality

Solution

zoho-manageengine-pam360-upgrade-latest

References

CWE-862
CVE-2025-11669
https://attackerkb.com/topics/CVE-2025-11669
URL-https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today