Vulnerability Details CVE-2025-2297
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2025-2297
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:-
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:22.3
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.1
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.1.264
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.1.269
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.3
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.3.148
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.5
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.6
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.6.89
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.7
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.7.150
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.9
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:23.9.261
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.1
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.1.98
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.3
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.3.334
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.5
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.5.361
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.7
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.7.432
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:24.8
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:25.2
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:25.2.11
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:25.2.40
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:25.4.221
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:4.3
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:4.4
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.0
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.1
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.2.21
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.2.28
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.3.216
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.3.219
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.3.229
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.3.230
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.4
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.5
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.5.144
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6
-
cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.7