CVE-2025-2297 | THREATINT

Description

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.

PUBLISHED Reserved 2025-03-13 | Published 2025-07-28 | Updated 2025-07-28 | Assigner BT

HIGH: 7.2CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-268

Product status

Default status

unaffected

Any version before <25.4.270

affected

Credits

Lukasz Piotrowski reporter

Marius Kotlarz reporter

References

www.beyondtrust.com/trust-center/security-advisories/bt25-05

cve.org (CVE-2025-2297)

nvd.nist.gov (CVE-2025-2297)

Download JSON