CVE-2025-49734

HIGH7.0EPSS 0.08%

PowerShell Direct Elevation of Privilege Vulnerability

Published: 10/3/2025Modified: 10/3/2025

Description

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

Affected packages (1)

Bitnami/powershell>= 7.4.0, < 7.4.12, >= 7.5.0, < 7.5.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.0	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49734
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-49734