CVE-2025-2297

High CVSS: 7.2

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

Vendor

Beyondtrust

Product

Privilege Management For Windows

CWE

CWE-268

Yayın Tarihi

2025-07-28 16:15:24

Güncelleme

2025-08-04 13:46:27

Source Identifier

13061848-ea10-403d-bd75-c83a022c2891

KEV Date Added

Kategoriler

CWE-268 Privilege Management For Windows HIGH Beyondtrust 2025

Referanslar

https://www.beyondtrust.com/trust-center/security-advisories/bt25-05

Benzer Kayıtlar

Critical

CVE-2026-1731

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-auth…

High

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypass…

High

CVE-2025-5309

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template I…

High

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A loc…

High

CVE-2025-0889

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows i…