Description
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.
Published: 2026-02-02
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Configuration Modification
Action: Patch
AI Analysis

Impact

A medium‑severity flaw exists in BeyondTrust Privilege Management for Windows versions 25.7 and earlier. When a local user with elevated privileges follows a specific sequence of actions, the software’s anti‑tamper checks can be bypassed. The vulnerability originates from a lack of proper validation of configuration changes (CWE‑693) and permits the attacker to interact with protected components and alter product settings. This could compromise the integrity of the privilege management service and lead to broader system compromise.

Affected Systems

The affected product is BeyondTrust Privilege Management for Windows, with affected releases up to version 25.7. Any installation of these versions on Windows hosts is vulnerable.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate risk, and the EPSS score of less than 1 % suggests a very low likelihood of public exploitation at present. The vulnerability is not listed in the CISA KEV catalog, so it has not yet been confirmed as a known exploited vulnerability. Nonetheless, a local privileged user—such as a system administrator or a software developer with elevated rights—can trigger the exploit, making the attack vector local. An adversary with access to the host can leverage this to modify the configuration and potentially gain unauthorized control over privileged functions.

Generated by OpenCVE AI on April 18, 2026 at 00:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued security update that removes the anti‑tamper bypass flaw.
  • Restrict or remove unnecessary local accounts that have elevated privileges on the affected machines.
  • Enable audit logging for configuration changes and monitor for unauthorized tampering attempts.

Generated by OpenCVE AI on April 18, 2026 at 00:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Feb 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Beyondtrust
Beyondtrust privilege Management For Windows
Vendors & Products Beyondtrust
Beyondtrust privilege Management For Windows

Mon, 02 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.
Title Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
Weaknesses CWE-693
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Beyondtrust Privilege Management For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: BT

Published:

Updated: 2026-02-02T16:35:48.876Z

Reserved: 2026-01-20T15:30:42.757Z

Link: CVE-2026-1232

cve-icon Vulnrichment

Updated: 2026-02-02T16:35:33.992Z

cve-icon NVD

Status : Deferred

Published: 2026-02-02T17:16:16.780

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1232

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T00:45:32Z

Weaknesses