CVE-2024-25083

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.beyondtrust.com/trust-center/security-advisories/bt24-01	Vendor Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-01	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

History

27 Mar 2025, 14:26

Type	Values Removed	Values Added
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt24-01 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt24-01 - Vendor Advisory
First Time		Beyondtrust Beyondtrust privilege Management For Windows
CPE		cpe:2.3:a:beyondtrust:privilege_management_for_windows::::::::

21 Nov 2024, 09:00

Type	Values Removed	Values Added
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt24-01 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt24-01 -

28 Aug 2024, 16:35

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en BeyondTrust Privilege Management para Windows antes de la versión 24.1. Cuando un usuario con pocos privilegios inicia una reparación, existe un vector de ataque a través del cual el usuario puede ejecutar cualquier programa con privilegios elevados.
CWE		CWE-266

16 Feb 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-16 21:15

Updated : 2025-03-27 14:26

NVD link : CVE-2024-25083

Mitre link : CVE-2024-25083

CVE.ORG link : CVE-2024-25083

JSON object : View

Products Affected

beyondtrust

privilege_management_for_windows

CWE

CWE-266

Incorrect Privilege Assignment

{"id": "CVE-2024-25083", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-16T21:15:08.260", "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Windows antes de la versi\u00f3n 24.1. Cuando un usuario con pocos privilegios inicia una reparaci\u00f3n, existe un vector de ataque a trav\u00e9s del cual el usuario puede ejecutar cualquier programa con privilegios elevados."}], "lastModified": "2025-03-27T14:26:40.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCA4D726-9CA4-40F5-8779-2DDE3E39B9CB", "versionEndExcluding": "24.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.3 /10