Cyber Resilience

CVE-2025-66374

High · LPE

Published: 03 February 2026
Modified: 28 February 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66374 is a high-severity Improper Privilege Management (CWE-269) vulnerability in CyberArk Endpoint Privilege Manager. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-66374 is a privilege escalation vulnerability affecting the CyberArk Endpoint Privilege Manager Agent through version 25.10.0. It allows a local user to elevate privileges via policy elevation of an Administration task. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management), though additional CWE details are unavailable from NVD.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, typically resulting in full system privilege escalation on the affected endpoint.

CyberArk addresses this issue in the Endpoint Privilege Manager release notes for version 25.12 under the security section, along with security advisory CA26-01 and their product security page. Security practitioners should consult these resources for patch details, upgrade instructions, and mitigation guidance.

Vulnerability details

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Direct local privilege escalation via improper policy elevation in the endpoint agent maps to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2914: Same product (CyberArk Endpoint Privilege Manager)
CVE-2024-44250: Shared CWE-269
CVE-2024-53706: Shared CWE-269
CVE-2026-28995: Shared CWE-269
CVE-2025-43199: Shared CWE-269
CVE-2025-36640: Shared CWE-269
CVE-2025-8899: Shared CWE-269
CVE-2024-47770: Shared CWE-269
CVE-2025-24254: Shared CWE-269
CVE-2025-27639: Shared CWE-269

Affected Assets

Vendor: cyberark
Product: endpoint privilege manager
Affected versions: ≤ 25.10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Flaw remediation directly addresses the specific privilege escalation vulnerability in the CyberArk Endpoint Privilege Manager Agent by applying patches released in version 25.12.

Prevent: Least privilege ensures local users and processes operate with minimal access rights, preventing escalation via flawed policy elevation of administration tasks.

Prevent: Account management includes reviewing and restricting privileges to counter improper privilege management allowing low-privileged local users to elevate to administrator.
