CVE-2025-2297
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-04
Assigner: BeyondTrust
Description
Description
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| beyondtrust | privilege_management_for_windows | to 25.4.270 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-268 | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a local authenticated attacker to manipulate user profile files to insert illegitimate challenge response codes into the local user registry under certain conditions. This manipulation can enable the attacker to elevate their privileges to administrator.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with local authenticated access to escalate their privileges to administrator level, potentially gaining full control over the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70