CVE-2025-11669 HIGH

CVE-2025-11669: Broken Access Control

Vendor Zohocorp
Product ManageEngine PAM360
Weakness CWE-862 · Missing authorization
Published January 13, 2026
Last update February 26, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
February 26, 2026 Record updated