Cyber Posture

CVE-2025-66374

Severity: High · Class: Local Privilege Escalation (LPE)
Published: 03 February 2026
Modified: 28 February 2026
KEV Added: not listed
Patch: available (see Mitigating Controls)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.9th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66374 is a high-severity Improper Privilege Management (CWE-269) vulnerability in CyberArk Endpoint Privilege Manager. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 0.9th percentile by EPSS exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): applying the patches released in Endpoint Privilege Manager Agent version 25.12 directly addresses this privilege escalation vulnerability.

AC-6 Least Privilege (prevent): ensuring local users and processes operate with minimal access rights limits the escalation path that flawed policy elevation of Administration tasks provides.

AC-2 Account Management (prevent): reviewing and restricting account privileges counters the improper privilege management that lets low-privileged local users elevate to administrator.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Direct local privilege escalation through improper policy elevation in the endpoint agent maps to Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

Deeper analysis

CVE-2025-66374 is a privilege escalation vulnerability affecting the CyberArk Endpoint Privilege Manager Agent through version 25.10.0. It allows a local user to elevate privileges via policy elevation of an Administration task. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management), though additional CWE details are unavailable from NVD.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, typically resulting in full system privilege escalation on the affected endpoint.

CyberArk addresses this issue in the Endpoint Privilege Manager release notes for version 25.12 under the security section, along with security advisory CA26-01 and their product security page. Security practitioners should consult these resources for patch details, upgrade instructions, and mitigation guidance.

Details

CWE(s): CWE-269 Improper Privilege Management

Affected Products: CyberArk Endpoint Privilege Manager, versions ≤ 25.10.0

CVEs Like This One

CVE-2026-2914 · Same product: CyberArk Endpoint Privilege Manager
CVE-2026-2777 · Shared CWE-269
CVE-2025-48613 · Shared CWE-269
CVE-2026-35595 · Shared CWE-269
CVE-2025-64487 · Shared CWE-269
CVE-2025-67905 · Shared CWE-269
CVE-2024-13376 · Shared CWE-269
CVE-2025-26705 · Shared CWE-269
CVE-2025-37186 · Shared CWE-269
CVE-2026-24510 · Shared CWE-269
