BeyondTrust: CVE-2025-2297 & CVE-2025-6250
We would like to inform you about two recently published high severity vulnerabilities in Privilege Management for Windows.
Summary
· CVE-2025-2297: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker to elevate privileges.
· CVE-2025-6250: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker with elevated privileges to bypass anti-tamper protections.
Who May Be Impacted
Privilege Management for Windows customers on the versions prior to 25.4.270.0
Resolution and Mitigation
Both vulnerabilities have been addressed in Privilege Management for Windows 25.4.270.0. At the time of the CVE’s release on July 28th, all cloud tenants will have been upgraded to 25.4. Customers can push version 25.4.270.0 to clients to remediate this vulnerability.
Want to dive deeper? Check it out here: