
BeyondTrust, a leading provider of privileged access management solutions, has issued a security advisory addressing a critical vulnerability in its Privilege Management for Windows software. The vulnerability, tracked as CVE-2025-0889 and assigned a CVSSv4 score of 7.2, could allow a local authenticated attacker to elevate their privileges on a compromised system.
According to the advisory, the vulnerability exists in versions of Privilege Management for Windows prior to 25.2. “A local authenticated attacker can elevate privileges via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process,” BeyondTrust explained in their security notification.
This vulnerability stems from the way Privilege Management for Windows handles COM objects and their associated permissions. An attacker who has already gained access to a system, even with limited privileges, could exploit this flaw to gain elevated privileges, potentially leading to complete control over the affected machine.
BeyondTrust has released version 25.2 of Privilege Management for Windows to address this vulnerability. Users of affected versions are strongly urged to update to the latest release as soon as possible.
For organizations that cannot immediately update, BeyondTrust also lists several mitigation strategies in the advisory. These include:
- Blocking COM Objects Based on Publisher: System administrators can create rules to block COM objects that require elevation based on their publisher, limiting the potential for abuse.
- Setting Process Mitigations: Enabling process mitigations, such as Code Integrity Guard, for applications elevated by Privilege Management for Windows can prevent the loading of unsigned DLLs, further mitigating the risk.
- Monitoring and Preventing Registry Modifications: Using Group Policy Objects to prevent users from modifying specific registry hives can also help mitigate this vulnerability.
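The following PowerShell script is an added defender-side check, not code from the BeyondTrust advisory. It assumes the product is registered under Windows' Uninstall keys with a DisplayName containing "Privilege Management for Windows", uses a placeholder executable name for an application the EPM policy auto-elevates, and relies on the Windows Defender Exploit Guard cmdlets (Get-ProcessMitigation / Set-ProcessMitigation), where Code Integrity Guard corresponds to the MicrosoftSignedOnly setting.

```powershell
# Added example: check whether a host is exposed to CVE-2025-0889 (PMfW < 25.2)
# and whether Code Integrity Guard is enforced for an elevated application.
# $ElevatedApp is a placeholder; replace it with an executable your EPM policy elevates.

$FixedVersion = [version]'25.2'
$ElevatedApp  = 'EXAMPLE-elevated-app.exe'   # placeholder, not a real BeyondTrust binary name

# 1. Is an affected build (< 25.2) of Privilege Management for Windows installed?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$pmfw = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Privilege Management for Windows*' }

if (-not $pmfw) {
    Write-Output 'Privilege Management for Windows not found in the Uninstall keys.'
} else {
    foreach ($p in $pmfw) {
        if (-not $p.DisplayVersion) { continue }
        # Strip any non-numeric suffix (e.g. build tags) before casting to [version]
        $installed = [version]($p.DisplayVersion -replace '[^\d.].*$', '')
        $state = if ($installed -lt $FixedVersion) { 'AFFECTED - update to 25.2' } else { 'patched' }
        Write-Output ('{0} {1}: {2}' -f $p.DisplayName, $p.DisplayVersion, $state)
    }
}

# 2. Is Code Integrity Guard (Microsoft-signed-only image loading) enforced for the
#    elevated application? The advisory recommends it so an elevated process
#    cannot load unsigned DLLs.
$mit = Get-ProcessMitigation -Name $ElevatedApp -ErrorAction SilentlyContinue
$cig = if ($mit) { $mit.BinarySignature.MicrosoftSignedOnly } else { 'NOTSET' }
Write-Output ('Code Integrity Guard for {0}: {1}' -f $ElevatedApp, $cig)

if ($cig -ne 'ON') {
    # Remediation command (run from an elevated shell); add AllowStoreSignedBinaries
    # if the application legitimately loads Store-signed modules.
    Write-Output "Remediation: Set-ProcessMitigation -Name $ElevatedApp -Enable MicrosoftSignedOnly"
}
```

Run the script on a representative endpoint; a version below 25.2 or a Code Integrity Guard state other than ON means the host still depends on the other listed mitigations until it is updated.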
BeyondTrust credits Wilson, Jared, and David L. Andrews from Bank of America’s GIS Red Team for discovering and reporting this vulnerability.
Organizations using BeyondTrust Privilege Management for Windows are advised to review the security advisory and take the necessary steps to mitigate the risk posed by this vulnerability.