BeyondTrust Privilege Management for Windows
12 CVEs affecting BeyondTrust Privilege Management for Windows. Latest disclosed: 2025-07-28. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-12613 | High | 8.8 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the securit… |
| CVE-2025-2297 | High | 7.8 | 2025-07-28 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user… |
| CVE-2025-0889 | High | 7.8 | 2025-02-26 | Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM o… |
| CVE-2020-28369 | High | 7.8 | 2023-12-12 | In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location… |
| CVE-2020-12614 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher… |
| CVE-2020-12612 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the… |
| CVE-2020-12615 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs… |
| CVE-2021-42254 | High | 7.8 | 2021-11-19 | BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2025-6250 | Medium | 6.7 | 2025-07-28 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the s… |
| CVE-2023-49944 | Medium | 6.7 | 2023-12-25 | The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by d… |
| CVE-2024-25083 | Medium | 6.3 | 2024-02-16 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector… |
| CVE-2024-1591 | Low | 3.3 | 2024-02-16 | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them… |