CVE-2025-2297 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2025-2297?

CVE-2025-2297 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-2297?

Check the references section above for vendor advisories and patch information. Affected products include: Beyondtrust Privilege Management For Windows.

Vulnerability Description

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Beyondtrust	Privilege Management For Windows	< 25.4.270

Related Weaknesses (CWE)

CWE-268

References

https://www.beyondtrust.com/trust-center/security-advisories/bt25-05Vendor Advisory

FAQ

What is CVE-2025-2297?

CVE-2025-2297 is a vulnerability with a CVSS score of 7.8 (HIGH). Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This a...

How severe is CVE-2025-2297?

CVE-2025-2297 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2297?

Check the references section above for vendor advisories and patch information. Affected products include: Beyondtrust Privilege Management For Windows.