CVE-2025-6250

High CVSS: 7.1

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.

Vendor

Beyondtrust

Product

Privilege Management For Windows

CWE

CWE-424

Yayın Tarihi

2025-07-28 16:15:24

Güncelleme

2025-08-04 13:45:22

Source Identifier

13061848-ea10-403d-bd75-c83a022c2891

KEV Date Added

Kategoriler

CWE-424 Privilege Management For Windows HIGH Beyondtrust 2025

Referanslar

https://www.beyondtrust.com/trust-center/security-advisories/bt25-06

Benzer Kayıtlar

Critical

CVE-2026-1731

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-auth…

High

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challe…

High

CVE-2025-5309

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template I…

High

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A loc…

High

CVE-2025-0889

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows i…