BeyondTrust Privilege Management for Windows

12 CVEs affecting BeyondTrust Privilege Management for Windows. Latest disclosed: 2025-07-28. Critical: 0, High: 8.

Top CVEs affecting BeyondTrust Privilege Management for Windows
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-12613 | High | 8.8 | 2023-12-11 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the securit… |
| CVE-2025-2297 | High | 7.8 | 2025-07-28 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user… |
| CVE-2025-0889 | High | 7.8 | 2025-02-26 | Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM o… |
| CVE-2020-28369 | High | 7.8 | 2023-12-12 | In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location… |
| CVE-2020-12614 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher… |
| CVE-2020-12612 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the… |
| CVE-2020-12615 | High | 7.8 | 2023-12-12 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs… |
| CVE-2021-42254 | High | 7.8 | 2021-11-19 | BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2025-6250 | Medium | 6.7 | 2025-07-28 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the s… |
| CVE-2023-49944 | Medium | 6.7 | 2023-12-25 | The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by d… |
| CVE-2024-25083 | Medium | 6.3 | 2024-02-16 | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector… |
| CVE-2024-1591 | Low | 3.3 | 2024-02-16 | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them… |