No, nobody can.  If this is possible, I reckon this is a big security loophole, because any administrator with report generation permission can get passwords of ALL devices of the whole company and potentially access device data in any such device.   Does that make any sense?

The usual logic is to allow the administrator to either

1. temporarily clear the old password so that the device end-user is prompted to enter a new one when he/she access the device again.

OR

2. set a new passcode remotely on the device and inform the device end-user about the change.  If the administrator secretly change the passcode remotely to allow possibly illegal/unauthorized access to the device data,  it is unlikely that he/she can set the passcode back to the original passcode set by device end-user.  (Please note that other means for MDM administrator to bypass password in an attempt to steal user's data can leave other trace, and I don't want to go through them here).

Thank you so much, Raymond!