CVE-2025-0889

Summary

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

Affected Software

VendorProductVersion RangeStatus
BeyondTrustPrivilege Management for Windows0 < 25.2affected

Weaknesses

  • CWE-268: CWE-268

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References