HIGH🇵🇱 Wersja polska

CVE-2025-2297

CVSS 7.2v4.0pub. 2025-07-28upd. 2025-08-04

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Beyondtrust Privilege Management For Windows

    APP
    Beyondtrust
    < 25.4.270
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-6250HIGH7.1ten sam produkt

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint servi...

CVE-2025-0889HIGH7.2ten sam produkt

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for...

CVE-2020-12614HIGH7.8ten sam produkt

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria...

CVE-2020-28369HIGH7.8ten sam produkt

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase...

CVE-2020-12615HIGH7.8ten sam produkt

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin...