CVE-2025-0889

High CVSS: 7.2

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

Vendor

Beyondtrust

Product

Privilege Management For Windows

CWE

CWE-268

Yayın Tarihi

2025-02-26 08:13:09

Güncelleme

2025-07-31 17:33:31

Source Identifier

13061848-ea10-403d-bd75-c83a022c2891

KEV Date Added

Kategoriler

CWE-268 Privilege Management For Windows HIGH Beyondtrust 2025

Referanslar

https://www.beyondtrust.com/trust-center/security-advisories/bt25-01

Benzer Kayıtlar

Critical

CVE-2026-1731

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-auth…

High

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challe…

High

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypass…

High

CVE-2025-5309

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template I…

High

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A loc…