Vulnerabilites related to beyondtrust - privilege_management_for_windows
Vulnerability from fkie_nvd
Published
2021-11-19 19:15
Modified
2024-11-21 06:27
Severity ?
Summary
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "891F3595-8920-4611-BB90-219F04693B46",
"versionEndExcluding": "21.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions."
},
{
"lang": "es",
"value": "BeyondTrust Privilege Management versiones anteriores a 21.6, crea un Archivo Temporal en un directorio con permisos no seguros"
}
],
"id": "CVE-2021-42254",
"lastModified": "2024-11-21T06:27:27.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T19:15:09.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.beyondtrust.com/blog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.beyondtrust.com/blog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 15:15
Modified
2024-11-21 04:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9A81CC-3192-447F-97C9-7913C5410962",
"versionEndIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Si se seleccionan los criterios del editor, se define el nombre de un editor que debe estar presente en el certificado (y tambi\u00e9n requiere que el certificado sea v\u00e1lido). Si un token Agregar administrador est\u00e1 protegido por este criterio, un actor malintencionado puede aprovecharlo para lograr la elevaci\u00f3n de privilegios de usuario est\u00e1ndar a administrador."
}
],
"id": "CVE-2020-12614",
"lastModified": "2024-11-21T04:59:55.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-12T15:15:07.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-28 16:15
Modified
2025-08-04 13:46
Severity ?
Summary
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5CC9-5E12-47FC-B648-72565C004484",
"versionEndExcluding": "25.4.270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n 25.4.270.0, un atacante autenticado localmente pod\u00eda manipular los archivos de perfil de usuario para a\u00f1adir c\u00f3digos de respuesta de desaf\u00edo ileg\u00edtimos al registro de usuarios local bajo ciertas condiciones. Esto permit\u00eda a los usuarios editar sus archivos de perfil y elevar sus privilegios a administrador."
}
],
"id": "CVE-2025-2297",
"lastModified": "2025-08-04T13:46:27.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
},
"published": "2025-07-28T16:15:24.660",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-268"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 15:15
Modified
2024-11-21 05:22
Severity ?
Summary
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "653794F5-3E2F-455F-8788-72885B8BD698",
"versionEndIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp."
},
{
"lang": "es",
"value": "En BeyondTrust Privilege Management para Windows (tambi\u00e9n conocido como PMfW) hasta 5.7, una instalaci\u00f3n de SISTEMA hace que Cryptbase.dll se cargue desde la ubicaci\u00f3n de escritura del usuario %WINDIR%\\Temp."
}
],
"id": "CVE-2020-28369",
"lastModified": "2024-11-21T05:22:40.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T15:15:07.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-16 21:15
Modified
2025-03-27 14:26
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA4D726-9CA4-40F5-8779-2DDE3E39B9CB",
"versionEndExcluding": "24.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows antes de la versi\u00f3n 24.1. Cuando un usuario con pocos privilegios inicia una reparaci\u00f3n, existe un vector de ataque a trav\u00e9s del cual el usuario puede ejecutar cualquier programa con privilegios elevados."
}
],
"id": "CVE-2024-25083",
"lastModified": "2025-03-27T14:26:40.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-16T21:15:08.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-26 08:13
Modified
2025-07-31 17:33
Severity ?
Summary
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4EDE50-7315-448A-9921-33A17D67E059",
"versionEndExcluding": "25.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n 25.2, un atacante autenticado local puede elevar privilegios en un sistema con Privilege Management para Windows instalado, a trav\u00e9s de la manipulaci\u00f3n de objetos COM en determinadas circunstancias en las que una pol\u00edtica EPM permite la elevaci\u00f3n autom\u00e1tica de privilegios de un proceso de usuario."
}
],
"id": "CVE-2025-0889",
"lastModified": "2025-07-31T17:33:31.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
},
"published": "2025-02-26T08:13:09.050",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-268"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-28 16:15
Modified
2025-08-04 13:45
Severity ?
Summary
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA5CC9-5E12-47FC-B648-72565C004484",
"versionEndExcluding": "25.4.270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n 25.4.270.0, al elevar wmic.exe con un token de administrador completo, el usuario pod\u00eda detener el servicio Defendpoint, omitiendo as\u00ed las protecciones antimanipulaci\u00f3n. Una vez deshabilitado el servicio, el usuario malintencionado pod\u00eda agregarse al grupo de administradores y ejecutar cualquier proceso con permisos elevados."
}
],
"id": "CVE-2025-6250",
"lastModified": "2025-08-04T13:45:22.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
},
"published": "2025-07-28T16:15:24.947",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-424"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-25 08:15
Modified
2024-11-21 08:34
Severity ?
Summary
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEDF0F2-0E81-4D6D-88F9-B077DA019524",
"versionEndExcluding": "2023-07-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature."
},
{
"lang": "es",
"value": "La funci\u00f3n Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta funci\u00f3n descifrando la clave compartida o localizando la clave compartida descifrada en la memoria de proceso. La amenaza se mitiga mediante la funci\u00f3n Agent Protection."
}
],
"id": "CVE-2023-49944",
"lastModified": "2024-11-21T08:34:03.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-25T08:15:07.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-11 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9A81CC-3192-447F-97C9-7913C5410962",
"versionEndIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Un atacante puede generar un proceso con m\u00faltiples usuarios como parte del token de seguridad (antes de la elevaci\u00f3n de Avecto). Cuando Avecto eleva el proceso, elimina al usuario que inicia el proceso, pero no al segundo usuario. Por lo tanto, este segundo usuario a\u00fan conserva el acceso y puede otorgar permiso para el proceso al primer usuario."
}
],
"id": "CVE-2020-12613",
"lastModified": "2024-11-21T04:59:55.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-11T22:15:06.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * | |
| beyondtrust | privilege_management_for_windows | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F67CF10-9F8A-4161-9789-AE3C4F6F4C18",
"versionEndExcluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "68575FC2-6FFA-4F05-AD98-D4CD1C1824F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al especificar un programa para elevar, normalmente se puede encontrar dentro de la carpeta Archivos de programa (x86) y, por lo tanto, utiliza la variable de entorno %ProgramFiles(x86)%. Sin embargo, cuando esta misma pol\u00edtica se aplica a una m\u00e1quina de 32 bits, esta variable de entorno no existe. Por lo tanto, dado que el usuario est\u00e1ndar puede crear una variable de entorno a nivel de usuario, puede redirigir esta variable a cualquier carpeta sobre la que el usuario tenga control total. Luego, la estructura de carpetas se puede crear de tal manera que una regla coincida y el c\u00f3digo arbitrario se ejecute elevado."
}
],
"id": "CVE-2020-12612",
"lastModified": "2024-11-21T04:59:55.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T14:15:07.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 13:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * | |
| beyondtrust | privilege_management_for_windows | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F67CF10-9F8A-4161-9789-AE3C4F6F4C18",
"versionEndExcluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "68575FC2-6FFA-4F05-AD98-D4CD1C1824F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario del proceso, este token de seguridad se puede robar y aplicar a procesos arbitrarios."
}
],
"id": "CVE-2020-12615",
"lastModified": "2024-11-21T04:59:55.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T13:15:06.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-16 19:15
Modified
2025-02-07 15:07
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beyondtrust | privilege_management_for_windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA4D726-9CA4-40F5-8779-2DDE3E39B9CB",
"versionEndExcluding": "24.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows est\u00e1 configurado para usar una pol\u00edtica de GPO. Esto les permite ver la pol\u00edtica y potencialmente encontrar problemas de configuraci\u00f3n."
}
],
"id": "CVE-2024-1591",
"lastModified": "2025-02-07T15:07:53.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-16T19:15:08.207",
"references": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
}
],
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-12613 (GCVE-0-2020-12613)
Vulnerability from cvelistv5
Published
2023-12-11 00:00
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T21:57:24.386753",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12613",
"datePublished": "2023-12-11T00:00:00",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12615 (GCVE-0-2020-12615)
Vulnerability from cvelistv5
Published
2023-12-12 00:00
Modified
2024-08-28 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T16:28:52.996108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:30:49.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T12:55:53.364739",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12615",
"datePublished": "2023-12-12T00:00:00",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-28T16:30:49.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6250 (GCVE-0-2025-6250)
Vulnerability from cvelistv5
Published
2025-07-28 15:40
Modified
2025-07-28 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Version: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:22:35.364250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:22:45.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "\u003c25.4.270",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MSG Systems AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.\u0026nbsp;"
}
],
"value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:40:28.381Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
}
],
"source": {
"advisory": "bt25-06",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows - Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-6250",
"datePublished": "2025-07-28T15:40:28.381Z",
"dateReserved": "2025-06-18T18:48:28.860Z",
"dateUpdated": "2025-07-28T17:22:45.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12612 (GCVE-0-2020-12612)
Vulnerability from cvelistv5
Published
2023-12-12 00:00
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T13:24:20.366161",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12612",
"datePublished": "2023-12-12T00:00:00",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42254 (GCVE-0-2021-42254)
Vulnerability from cvelistv5
Published
2021-11-19 18:04
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.beyondtrust.com/blog | x_refsource_MISC | |
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:37.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:04:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.beyondtrust.com/blog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.beyondtrust.com/blog",
"refsource": "MISC",
"url": "https://www.beyondtrust.com/blog"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42254",
"datePublished": "2021-11-19T18:04:10",
"dateReserved": "2021-10-11T00:00:00",
"dateUpdated": "2024-08-04T03:30:37.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25083 (GCVE-0-2024-25083)
Vulnerability from cvelistv5
Published
2024-02-16 00:00
Modified
2024-08-28 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privilege_management_for_windows:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privilege_management_for_windows",
"vendor": "beyondtrust",
"versions": [
{
"lessThan": "24.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:36:28.397473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:31:10.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T21:13:55.222079",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25083",
"datePublished": "2024-02-16T00:00:00",
"dateReserved": "2024-02-04T00:00:00",
"dateUpdated": "2024-08-28T15:31:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2297 (GCVE-0-2025-2297)
Vulnerability from cvelistv5
Published
2025-07-28 15:40
Modified
2025-07-28 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Version: 0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:22:05.722414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:22:18.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "\u003c25.4.270",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Lukasz Piotrowski"
},
{
"lang": "en",
"type": "reporter",
"value": "Marius Kotlarz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.\u003cbr\u003e"
}
],
"value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:40:14.633Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05"
}
],
"source": {
"advisory": "BT25-05",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows - Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-2297",
"datePublished": "2025-07-28T15:40:14.633Z",
"dateReserved": "2025-03-13T21:22:29.654Z",
"dateUpdated": "2025-07-28T17:22:18.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1591 (GCVE-0-2024-1591)
Vulnerability from cvelistv5
Published
2024-02-16 18:54
Modified
2024-08-01 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Version: 1 < 24.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-18T00:44:16.042553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:12.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "24.1",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues."
}
],
"value": "Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T18:54:33.382Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-02"
}
],
"source": {
"advisory": "BT24-02",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows \u003c 24.1 Information Leak",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2024-1591",
"datePublished": "2024-02-16T18:54:33.382Z",
"dateReserved": "2024-02-16T17:32:29.581Z",
"dateUpdated": "2024-08-01T18:48:20.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28369 (GCVE-0-2020-28369)
Vulnerability from cvelistv5
Published
2023-12-12 00:00
Modified
2024-08-04 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T14:54:01.302735",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/privilege-management/windows-mac"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28369",
"datePublished": "2023-12-12T00:00:00",
"dateReserved": "2020-11-09T00:00:00",
"dateUpdated": "2024-08-04T16:33:59.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12614 (GCVE-0-2020-12614)
Vulnerability from cvelistv5
Published
2023-12-12 00:00
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privilege_management_for_windows",
"vendor": "beyondtrust",
"versions": [
{
"lessThanOrEqual": "5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-12614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:26:25.299399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:26:28.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T14:19:45.920442",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12614",
"datePublished": "2023-12-12T00:00:00",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0889 (GCVE-0-2025-0889)
Vulnerability from cvelistv5
Published
2025-02-26 01:41
Modified
2025-02-26 15:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Version: 0 < 25.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:53.686658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:43:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "25.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.\u0026nbsp;"
}
],
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T01:41:25.407Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
}
],
"source": {
"advisory": "https://www.beyondtrust.com/trust-center/security-advisories/bt2",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows \u2013 Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-0889",
"datePublished": "2025-02-26T01:41:25.407Z",
"dateReserved": "2025-01-30T17:52:42.202Z",
"dateUpdated": "2025-02-26T15:43:14.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49944 (GCVE-0-2023-49944)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T08:02:37.880259",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.beyondtrust.com/security"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt23-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49944",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-03T00:00:00",
"dateUpdated": "2024-08-02T22:09:49.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}