BeyondTrust - Secure Remote Access and Privileged Access Management

Advisory ID: BT25-05

  • CVSSv4 Score: 7.2

  • CVSSv4 Vector AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

  • Severity: High

  • Issue Date: 2025-07-28

  • Updated On: 2025-07-28

  • CVE(s): CVE-2025-2297

  • CWE: CWE-268

  • Synopsis: Privilege Management for Windows – Elevation of Privilege

  • Impacted: Privilege Management for Windows

Summary

A vulnerability has been discovered in Privilege Management for Windows that allows a local authenticated attacker to elevate privileges.

Details

Prior to version 25.4, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator. This issue has been fixed in version 25.4.270.0.

At the time of posting this advisory, all cloud tenants are upgraded to 25.4. Customers can push version 25.4.270.0 to clients to remediate this vulnerability.

Mitigation

For versions prior to 25.4.270.0:

  • Avoid using “forever” challenge-response auto-elevation permissions.

  • Monitor HKEY_USERS\[sid]\Software\Avecto\Privilege Guard Client\ChallengeResponseCache\[sha256sum] for any existing “forever” response entries. Where there is a legitimate business need, change the EPM policy to grant it instead of relying on forever responses.
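One way to carry out the monitoring step above, as an added PowerShell example that is not BeyondTrust's own tooling: it walks every user hive currently loaded under HKEY_USERS, resolves the SID to an account name, and lists each cached challenge-response entry with its values for an administrator to review. It assumes it is run elevated, and because the advisory does not document how a “forever” response is stored, it reports every cached entry rather than trying to classify them.

```powershell
# Added example, not BeyondTrust tooling: list every per-user entry in the
# Privilege Management for Windows challenge/response cache named in the
# advisory's Mitigation section so an administrator can review it.
# Assumptions: run elevated; only hives currently loaded under HKEY_USERS are
# visible; the advisory does not document how a "forever" response is stored,
# so every cached entry is reported rather than filtered.
$cacheRelPath = 'Software\Avecto\Privilege Guard Client\ChallengeResponseCache'

# The registry provider only exposes HKLM: and HKCU: by default; map HKEY_USERS.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Resolve-SidToAccount {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved>'
    }
}

$findings = foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    # *_Classes hives and the built-in service accounts carry no user profile.
    if ($sid -like '*_Classes' -or $sid -in 'S-1-5-18', 'S-1-5-19', 'S-1-5-20') { continue }
    $cachePath = "HKU:\$sid\$cacheRelPath"
    if (-not (Test-Path $cachePath)) { continue }

    # Each subkey is the [sha256sum] component of the advisory's registry path.
    foreach ($entry in Get-ChildItem $cachePath -ErrorAction SilentlyContinue) {
        $values = foreach ($name in $entry.GetValueNames()) {
            $label = if ($name -eq '') { '(Default)' } else { $name }
            $data  = $entry.GetValue($name)
            # Render REG_BINARY data as hex so it is readable in the report.
            if ($data -is [byte[]]) { $data = ($data | ForEach-Object { $_.ToString('x2') }) -join '' }
            '{0}={1}' -f $label, $data
        }
        [pscustomobject]@{
            SID       = $sid
            Account   = Resolve-SidToAccount $sid
            EntryHash = $entry.PSChildName
            Values    = ($values -join '; ')
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No cached challenge/response entries found in any loaded user hive.' }
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so run the check on each host while the accounts of interest have a session, or load the profile hives first.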

Affected Versions

Product                            Version
Privilege Management for Windows   Prior to 25.4.270.0

Fixed Versions

Product                            Version
Privilege Management for Windows   25.4.270.0 and later

Known Issues

If you encounter issues with domain account authentication after upgrading to version 25.4, we suggest updating to version 25.4.270.0 or newer.

Acknowledgements

We would like to thank Lukasz Piotrowski and Marius Kotlarz for reporting this vulnerability responsibly.