CVE-2025-11669
Published: 13 January 2026
Summary
CVE-2025-11669 is a high-severity Missing Authorization (CWE-862) vulnerability in Zohocorp ManageEngine Password Manager Pro. Its CVSS base score is 8.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Remote Services (T1021). The CVE ranks at the 0.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly mandates enforcement of approved authorizations for access to system resources, addressing the missing authorization in remote session initiation.
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of system flaws like this authorization bypass, here by patching to the fixed versions.
- AC-6 (Least Privilege): restricts low-privileged users from performing unauthorized high-impact actions such as remote session initiation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authorization bypass directly enables unauthorized initiation of remote sessions (T1021 Remote Services) in a PAM product, which facilitates lateral movement or abuse of privileged access.
NVD Description
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Deeper analysis
CVE-2025-11669 is an authorization bypass vulnerability (CWE-862: Missing Authorization) affecting the initiate remote session functionality in multiple Zoho ManageEngine products. Specifically, ManageEngine PAM360 versions prior to 8202, Password Manager Pro versions prior to 13221, and Access Manager Plus versions prior to 4401 are vulnerable. The issue was published on January 13, 2026, and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.
An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and without user interaction (UI:N). Successful exploitation allows unauthorized initiation of remote sessions, with high confidentiality (C:H) and integrity (I:H) impact, such as viewing or modifying sensitive privileged credentials or sessions, while availability is unaffected (A:N) and scope is unchanged (S:U).
The official ManageEngine advisory at https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html details mitigation steps, recommending immediate upgrades to PAM360 version 8202 or later, Password Manager Pro version 13221 or later, and Access Manager Plus version 4401 or later to address the authorization flaw.
Details
- CWE(s)