{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6250", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "state": "PUBLISHED", "assignerShortName": "BT", "dateReserved": "2025-06-18T18:48:28.860Z", "datePublished": "2025-07-28T15:40:28.381Z", "dateUpdated": "2025-07-28T17:22:45.226Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Privilege Management for Windows", "vendor": "BeyondTrust", "versions": [{"lessThan": "<25.4.270", "status": "affected", "version": "0", "versionType": "cpe"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "MSG Systems AG"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.&nbsp;"}], "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2025-07-28T15:40:28.381Z"}, "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"}], "source": {"advisory": "bt25-06", "discovery": "UNKNOWN"}, "title": "Privilege Management for Windows - Elevation of Privilege", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T17:22:35.364250Z", "id": "CVE-2025-6250", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T17:22:45.226Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T17:22:35.364250Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T17:22:40.297Z"}}], "cna": {"title": "Privilege Management for Windows - Elevation of Privilege", "source": {"advisory": "bt25-06", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "MSG Systems AG"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BeyondTrust", "product": "Privilege Management for Windows", "versions": [{"status": "affected", "version": "0", "lessThan": "<25.4.270", "versionType": "cpe"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.", "supportingMedia": [{"type": "text/html", "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.&nbsp;", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-424", "description": "CWE-424"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2025-07-28T15:40:28.381Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6250", "state": "PUBLISHED", "dateUpdated": "2025-07-28T17:22:45.226Z", "dateReserved": "2025-06-18T18:48:28.860Z", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "datePublished": "2025-07-28T15:40:28.381Z", "assignerShortName": "BT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACA5CC9-5E12-47FC-B648-72565C004484", "versionEndExcluding": "25.4.270", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."}, {"lang": "es", "value": "Antes de la versi\u00f3n 25.4.270.0, al elevar wmic.exe con un token de administrador completo, el usuario pod\u00eda detener el servicio Defendpoint, omitiendo as\u00ed las protecciones antimanipulaci\u00f3n. Una vez deshabilitado el servicio, el usuario malintencionado pod\u00eda agregarse al grupo de administradores y ejecutar cualquier proceso con permisos elevados."}], "id": "CVE-2025-6250", "lastModified": "2025-08-04T13:45:22.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}]}, "published": "2025-07-28T16:15:24.947", "references": [{"source": "13061848-ea10-403d-bd75-c83a022c2891", "tags": ["Vendor Advisory"], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"}], "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}]}

{}