CVE-2025-2297

EPSS 0.02%
Veröffentlicht 28.07.2025 15:40:14
Zuletzt bearbeitet 04.08.2025 13:46:27
Quelle 13061848-ea10-403d-bd75-c83a02
CVE-Watchlists
Login
Unerledigt
Login

Privilege Management for Windows - Elevation of Privilege

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beyondtrust ≫ Privilege Management For Windows Version < 25.4.270

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.04

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
13061848-ea10-403d-bd75-c83a022c2891	7.2	0	0	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-268 Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.

https://www.beyondtrust.com/trust-center/security-advisories/bt25-05

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2297

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-2297