PT-2025-8230 · Unknown · Privilege Management For Windows

Published: 2025-02-26 · Updated: 2025-07-31 · CVE-2025-0889

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Privilege Management for Windows versions prior to 25.2

Description

A local authenticated attacker can elevate privileges on a system via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

Recommendations

For versions prior to 25.2, update to version 25.2 or later to resolve the issue. As a temporary workaround, consider restricting the automatic privilege elevation of user processes in EPM policies to minimize the risk of exploitation.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-0889

Affected Products

Privilege Management For Windows