| CVE ID | CVE-2025-63374 |
| CVSS SCORE | 7.0, AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
CyberArk |
| AFFECTED PRODUCTS |
Endpoint Privilege Management |
| VULNERABILITY DETAILS |
This vulnerability allows local attackers to escalate privileges on affected installations of CyberArk Endpoint Privilege Management. An attacker must first obtain a low-privileged interactive user session on the target system in order to exploit this vulnerability. The specific flaw exists within the CyberArk EPM agent. When allowing a low-privileged user to perform permitted administrative activities, the agent does not properly circumscribe the user's actions. An attacker can leverage this vulnerability to escalate privileges and arbitrary execute code in the context of an administrator at high integrity. |
| ADDITIONAL DETAILS |
Fixed in version 25.12 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nikolett Sipos & Nabeel Ahmed from NTT Belgium |
