Cyber Resilience

CVE-2025-0889

High

Published: 26 February 2025

Modified: 31 July 2025
CVSS v4 Score: 7.2
CVSS v4 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0003 (10.5th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0889 is a high-severity Privilege Chaining (CWE-268) vulnerability in BeyondTrust Privilege Management for Windows. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0889 is a privilege escalation vulnerability in Privilege Management for Windows versions prior to 25.2. It stems from the manipulation of COM objects under certain circumstances where an EPM policy allows automatic privilege elevation of a user process. Published on 2025-02-26, the issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-268.

A local authenticated attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables privilege elevation on the affected system, resulting in high impacts to confidentiality, integrity, and availability.

The BeyondTrust security advisory BT25-01, available at https://www.beyondtrust.com/trust-center/security-advisories/bt25-01, addresses mitigation for this vulnerability.

Vulnerability details

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via COM object manipulation abusing EPM policy for automatic elevation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3888: Shared CWE-268
CVE-2026-1731: Same vendor: BeyondTrust
CVE-2021-3156: Same vendor: BeyondTrust

Affected Assets

beyondtrust
privilege management for windows
≤ 25.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Timely flaw remediation by patching Privilege Management for Windows to version 25.2 or later directly eliminates the privilege escalation vulnerability via COM object manipulation.

prevent

Least privilege enforcement restricts EPM policies from allowing unnecessary automatic elevations that enable COM-based privilege escalation.

prevent

Access enforcement mechanisms mediate and restrict unauthorized access to COM objects, mitigating improper privilege elevation under permissive policies.

References