Unauthorized Access Vulnerability in Password Manager Pro, PAM360, and Access Manager Plus

Severity : High

CVE ID : CVE-2025-11669

Details :
An unauthorized access vulnerability was reported in Password Manager Pro, Access Manager Plus, and PAM360. This issue has been fixed and no longer exists in the latest version.

Product Name	Affected Version(s)	Fixed Version(s)	Fixed On
PAM360	Till 8201	Build—8202	13th October, 2025
Password Manager Pro	Till 13220	Build—13221	14th October, 2025
Access Manager Plus	Till 4400	Build—4401	15th October, 2025

Impact :
An unauthorized access vulnerability in Password Manager Pro, PAM360, and Access Manager Plus allows authenticated users to initiate remote sessions to any resource (already managed by the products).

Note: This vulnerability is exploitable only if these resources are accessible from the servers where the respective products are installed.

Steps to Upgrade:

Download the latest upgrade pack from the following link
- Password Manager Pro - https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html
- PAM360 - https://www.manageengine.com/privileged-access-management/upgradepack.html
- Access Manager Plus - https://www.manageengine.com/privileged-session-management/upgradepack.html
Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above link.

Please contact the product support for further details at the below mentioned email addresses:

Password Manager Pro: passwordmanagerpro-support@manageengine.com

PAM360: pam360-support@manageengine.com

Access Manager Plus: accessmanagerplus-support@manageengine.com