Privilege Management for Windows – Elevation of Privilege

CVE Details

Basic Information

Title Privilege Management for Windows – Elevation of Privilege
Type cve
Published 2025-07-28T15:40:14.633Z
Modified 2025-07-28T15:40:14.633Z

Product Information

Vendor BeyondTrust
Product Privilege Management for Windows
Version 0

CVSS Information

Base Score 7.2 (HIGH)
Vector String CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

  • BeyondTrust Privilege Management for Windows 0

Additional Information

CWE List CWE-268
Source BT

Description

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
