How to fix CVE-2025-66374?

Within 24 hours: Identify all systems running Endpoint Privilege Manager versions up to 25.10.0 and isolate them from production networks if possible; document the inventory and affected user populations. Within 7 days: Contact the vendor for available workarounds and timeline for patch release; implement network segmentation to restrict access to affected endpoints from untrusted sources. Within 30 days: Establish a patching plan with the vendor; deploy any interim security updates; conduct security monitoring for suspicious privilege escalation attempts on affected systems.

Is Endpoint Privilege Manager affected by CVE-2025-66374?

Endpoint Privilege Manager versions up to 25.10.0 contain a privilege escalation vulnerability that could allow attackers to gain unauthorized administrative access to affected systems.

CVE-2025-66374

HIGH

2026-02-03 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.8

Description

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

Analysis

Endpoint Privilege Manager versions up to 25.10.0 is affected by improper privilege management (CVSS 7.8).

Technical Context

This vulnerability (CWE-269: Improper Privilege Management) affects Endpoint Privilege Manager. CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

Affected Products

Vendor: Cyberark. Product: Endpoint Privilege Manager. Versions: up to 25.10.0.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2025-66374 vulnerability details – vuln.today

Back

CVE-2025-66374

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-66374

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code