Regarding CVE-2025-0889
https://nvd.nist.gov/vuln/detail/CVE-2025-0889
A vulnerability has been discovered in Privilege Management for Windows that allows for a local authenticated attacker to elevate privileges.
Prior to 25.2, a local authenticated attacker can elevate privileges via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
Further details about this CVE can be found here:
https://www.beyondtrust.com/trust-center/security-advisories/bt25-01
There is also a Support KB, How can the BT25-01 advisory for EPM-W be addressed?, here:
https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0022083