CVE-2025-2297
HIGHDescription
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| beyondtrust | privilege_management_for_windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-2297? +
How severe is CVE-2025-2297? +
What products are affected by CVE-2025-2297? +
How do I check if I'm vulnerable to CVE-2025-2297? +
Related Vulnerabilities
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login …
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During …
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the …
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated …
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via …
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared …