CVE-2025-6250
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-08-04

Assigner: BeyondTrust

Description
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token, the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to the Administrators group and run any process with elevated permissions.
Meta Information
Published: 2025-07-28
Last Modified: 2025-08-04
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: beyondtrust
Product: privilege_management_for_windows
Version / Range: to 25.4.270 (exc)
CWE ID: CWE-424
Description: The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
AI Powered Q&A
Can you explain this vulnerability to me?

In versions before 25.4.270.0, this vulnerability allows a user to stop the Defendpoint service by using wmic.exe elevated with a full admin token. Stopping this service bypasses anti-tamper protections, enabling the malicious user to add themselves to the Administrators group and run any process with elevated permissions.


How can this vulnerability impact me?

The vulnerability can lead to privilege escalation where a malicious user can gain administrative rights by stopping a critical security service. This can result in unauthorized access, control over the system, and the ability to run any process with elevated permissions, potentially compromising system security.

