CVE-2025-6250 HIGH

CVE-2025-6250: Privilege Management for Windows - Elevation of Privilege

Vendor Beyondtrust
Product Privilege Management for Windows
Weakness CWE-424
Published July 28, 2025
Last update July 28, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.

Key dates

02Disclosure timeline

July 28, 2025 CVE published
July 28, 2025 Record updated