Privilege Management for Windows – Elevation of Privilege_CVE-2025-2297

7.2 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

Basic Information

ID CVE-2025-2297

Source BT

Published Jul 28, 2025 at 15:40

Modified Jul 28, 2025 at 17:22

Affected Product

Vendor BeyondTrust

Product Privilege Management for Windows

Affected Versions BeyondTrust Privilege Management for Windows 0

CWE Classification

CWE-268

References

www.beyondtrust.com /trust-center/security-advisories/bt25-05

{
    "lastseen": "",
    "description": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.",
    "published": "2025-07-28T15:40:14.633Z",
    "modified": "2025-07-28T17:22:18.590Z",
    "type": "cve",
    "title": "Privilege Management for Windows - Elevation of Privilege",
    "source": "BT",
    "references": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05",
    "id": "CVE-2025-2297",
    "bulletinFamily": "",
    "cwe": [
        "CWE-268"
    ],
    "cvelist": null,
    "sourceData": "BeyondTrust Privilege Management for Windows 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Privilege Management for Windows",
    "version": "0",
    "vendor": "BeyondTrust",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}