Vulnerability cyber

BeyondTrust

Jul 30, 2025 1 min read
BeyondTrust

A significant security vulnerability, designated as CVE-2025-2297, has been discovered in BeyondTrust’s Privilege Management for Windows solution. This vulnerability allows local authenticated attackers to escalate their privileges to the administrator level by manipulating user profile files and challenge response codes. The flaw affects all versions before 25.4.270.0 and has been classified as high severity with a CVSSv4 score of 7.2. The improper handling of these files enables attackers to manipulate the Windows registry, gaining unauthorized administrative access. The vulnerability is particularly concerning because it requires only local access and basic user privileges to execute.

Source: https://cybersecuritynews.com/beyondtrust-privilege-management-for-windows/

TPRM report: https://scoringcyber.rankiteo.com/company/beyondtrust

"id": "bey408073025",
"linkid": "beyondtrust",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'BeyondTrust',
                        'type': 'Software Company'}],
 'attack_vector': 'Local authenticated attackers manipulating user profile '
                  'files and challenge response codes',
 'description': 'A significant security vulnerability has been discovered in '
                'BeyondTrust’s Privilege Management for Windows solution, '
                'allowing local authenticated attackers to escalate their '
                'privileges to the administrator level.',
 'impact': {'systems_affected': 'BeyondTrust Privilege Management for Windows'},
 'motivation': 'Gain unauthorized administrative access',
 'post_incident_analysis': {'corrective_actions': 'Update to version '
                                                  '25.4.270.0 or later',
                            'root_causes': 'Improper handling of user profile '
                                           'files and challenge response '
                                           'codes'},
 'recommendations': ['Update to version 25.4.270.0 or later',
                     "Disable 'forever' challenge responses until patched",
                     "Monitor affected registry location for 'forever' "
                     'response entries'],
 'references': [{'source': 'Security Researchers Lukasz Piotrowski and Marius '
                           'Kotlarz'}],
 'response': {'enhanced_monitoring': 'Monitor affected registry location for '
                                     "'forever' response entries",
              'remediation_measures': 'Update to version 25.4.270.0 or later, '
                                      "disable 'forever' challenge responses"},
 'title': 'BeyondTrust Privilege Management for Windows Vulnerability',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2025-2297'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.