CVE-2025-0889
Published: 26 February 2025
Summary
CVE-2025-0889 is a high-severity Privilege Chaining (CWE-268) vulnerability in BeyondTrust Privilege Management for Windows. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0889 is a privilege escalation vulnerability in Privilege Management for Windows versions prior to 25.2. It stems from the manipulation of COM objects under certain circumstances where an EPM policy allows automatic privilege elevation of a user process. Published on 2025-02-26, the issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-268.
A local authenticated attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables privilege elevation on the affected system, resulting in high impacts to confidentiality, integrity, and availability.
The BeyondTrust security advisory BT25-01, available at https://www.beyondtrust.com/trust-center/security-advisories/bt25-01, addresses mitigation for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5326
Vulnerability details
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via COM object manipulation abusing EPM policy for automatic elevation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation by patching Privilege Management for Windows to version 25.2 or later directly eliminates the privilege escalation vulnerability via COM object manipulation.
Least privilege enforcement restricts EPM policies from allowing unnecessary automatic elevations that enable COM-based privilege escalation.
Access enforcement mechanisms mediate and restrict unauthorized access to COM objects, mitigating improper privilege elevation under permissive policies.