Local Privilege Escalation in BeyondTrust Privilege Management for Windows
CVE-2025-0889

7.2 HIGH

Key Information:

Vendor
CVE Published: 26 February 2025

What is CVE-2025-0889?

A local authenticated attacker can exploit a local privilege escalation vulnerability in BeyondTrust Privilege Management for Windows. This vulnerability arises from the manipulation of COM objects in specific contexts where an EPM policy permits automatic elevation of user process privileges. As a result, attackers can leverage this flaw to gain higher-level access rights within the affected system, potentially leading to unauthorized actions.

Affected Version(s)

Privilege Management for Windows Windows 0 < 25.2

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
