CVE-2025-2297

EUVD-2025-22929
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
beyondtrustprivilege_management_for_windows
𝑥
< 25.4.270
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.beyondtrust.com/trust-center/security-advisories/bt25-05