CVE-2025-0889
HIGHDescription
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| beyondtrust | privilege_management_for_windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-0889? +
How severe is CVE-2025-0889? +
What products are affected by CVE-2025-0889? +
How do I check if I'm vulnerable to CVE-2025-0889? +
Related Vulnerabilities
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login …
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During …
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the …
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated …
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into …
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared …