Beyondtrust Privilege Management For Windows — known CVE vulnerabilities
Every CVE whose affected-product data names Beyondtrust Privilege Management For Windows, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-12613 — CVSS 8.8 (high): An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as…
CVE-2025-0889 — CVSS 7.8 (high): Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the…
CVE-2020-12614 — CVSS 7.8 (high): An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the…
CVE-2020-12615 — CVSS 7.8 (high): An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and…
CVE-2020-28369 — CVSS 7.8 (high): In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the…
CVE-2021-42254 — CVSS 7.8 (high): BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
CVE-2025-2297 — CVSS 7.8 (high): Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes…
CVE-2020-12612 — CVSS 7.8 (high): An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically…
CVE-2025-6250 — CVSS 6.7 (medium): Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper…
CVE-2023-49944 — CVSS 6.7 (medium): The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to…
CVE-2024-25083 — CVSS 6.3 (medium): An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there…
CVE-2024-1591 — CVSS 3.3 (low): Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO…