Skip to main content
CVE-2025-43586 HIGH This Week

A remote code execution vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Adobe Privilege Escalation Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-26521 HIGH PATCH This Week

CVE-2025-26521 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

Apache Information Disclosure Kubernetes Privilege Escalation Cloudstack
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-47968 HIGH PATCH This Week

CVE-2025-47968 is an improper input validation vulnerability in Microsoft AutoUpdate (MAU) that allows a locally authenticated attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (High), indicating significant impact with confidentiality, integrity, and availability compromise. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the local attack vector with low complexity and low privilege requirement suggests elevated real-world risk for multi-user or shared systems.

Microsoft Apple Privilege Escalation Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-20599 HIGH This Week

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-47176 HIGH This Week

Local code execution vulnerability in Microsoft Office Outlook triggered by improper path traversal handling (CWE-35) in the '.../...//' sequence. Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, achieving high confidentiality, integrity, and availability impact. This vulnerability requires local access and existing user privileges but no user interaction, making it a significant risk for multi-user systems or compromised local accounts.

Microsoft Outlook Windows RCE 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-33075 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Microsoft Windows Privilege Escalation Windows Server 2019 Windows Server 2025 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-32718 HIGH PATCH This Week

CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.

Microsoft Windows Privilege Escalation Integer Overflow Windows Server 2012 +13
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-33050 HIGH PATCH This Week

Protection mechanism failure in Windows DHCP Server that enables network-based denial-of-service attacks without requiring authentication or user interaction. An attacker can remotely exploit this vulnerability to render DHCP services unavailable, disrupting network connectivity for affected systems. The high CVSS score of 7.5 and network attack vector indicate significant availability impact, though no confidentiality or integrity compromise occurs.

Microsoft Windows Dhcp Denial Of Service Windows Server 2025 +4
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-32725 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Windows DHCP Server caused by a protection mechanism failure (CWE-693), allowing unauthenticated attackers to exhaust server availability without requiring authentication or user interaction. The vulnerability affects Windows DHCP Server implementations across multiple versions and has a CVSS severity of 7.5 (High). While the description does not explicitly reference KEV inclusion, active exploitation status, or EPSS data, the low attack complexity (AC:L) and network accessibility (AV:N) combined with no authentication requirements indicate this represents a credible denial-of-service threat to DHCP infrastructure.

Microsoft Windows Dhcp Denial Of Service Windows Server 2025 +4
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2025-32716 HIGH PATCH This Week

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Microsoft Windows Privilege Escalation Windows Server 2022 Windows Server 2019 +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32713 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Microsoft Buffer Overflow Windows Privilege Escalation Windows 10 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32712 HIGH PATCH This Week

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

Use After Free Microsoft Windows Privilege Escalation Windows Server 2022 23h2 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-32714 HIGH PATCH This Week

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Microsoft Windows Privilege Escalation Windows 11 24h2 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47962 HIGH PATCH This Week

CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.

Microsoft Windows Privilege Escalation Windows Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47955 HIGH PATCH This Week

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Microsoft Privilege Escalation Windows Windows Server 2022 Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47169 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Microsoft Buffer Overflow Windows RCE Office +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47168 HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47173 HIGH PATCH This Week

CVE-2025-47173 is an improper input validation vulnerability in Microsoft Office that allows local code execution without requiring user privileges, though user interaction is needed. An attacker with local access can craft a malicious Office document that, when opened by a user, executes arbitrary code with the privileges of the affected Office application. This vulnerability affects Microsoft Office products across multiple versions and poses a moderate-to-high risk given its local attack vector and high impact on confidentiality, integrity, and availability.

Microsoft RCE Windows Office Long Term Servicing Channel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47174 HIGH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Excel that allows local attackers to execute arbitrary code with high privileges (confidentiality, integrity, and availability impact). The vulnerability requires user interaction (opening a malicious Excel file) but no special privileges, making it a practical threat to Excel users. With a CVSS score of 7.8 and local attack vector, this represents a significant code execution risk for organizations relying on Excel for document processing.

Microsoft Buffer Overflow Windows RCE Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47170 HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact (confidentiality, integrity, availability). The vulnerability requires user interaction (e.g., opening a malicious document) but has low attack complexity, making it a significant local code execution threat. Without confirmed KEV status or EPSS data provided, the CVSS 7.8 score indicates high severity, though real-world exploitability depends on whether public exploits or proofs-of-concept have emerged.

Microsoft Denial Of Service 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43577 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that allows arbitrary code execution with the privileges of the current user. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple release tracks. Exploitation requires user interaction (opening a malicious PDF file), but the high CVSS score of 7.8 and local attack vector indicate significant real-world risk; KEV and active exploitation status should be confirmed from official sources.

RCE Adobe Use After Free Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43576 HIGH This Week

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

RCE Adobe Denial Of Service Acrobat Reader Dc Acrobat +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43574 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader affecting versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier that enables arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious PDF file) but has a high CVSS score of 7.8 due to the severity of potential code execution impact. Without confirmed KEV listing or public POC data provided, this represents a significant but not yet confirmed active threat.

RCE Adobe Use After Free Acrobat Dc Acrobat +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43573 HIGH This Week

Use After Free (UAF) vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high privilege context on affected systems. The vulnerability impacts multiple versions across different release branches (24.001.30235, 20.005.30763, 25.001.20521 and earlier), requiring only user interaction to trigger exploitation via malicious PDF files. With a CVSS score of 7.8 and no privilege escalation required, this represents a significant risk to enterprise and consumer users relying on Acrobat Reader for document handling.

RCE Adobe Use After Free Acrobat Reader Dc Acrobat Reader +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43550 HIGH This Week

Use After Free vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with user-level privileges when a victim opens a malicious PDF file. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. This vulnerability requires user interaction but presents high severity due to memory corruption leading to code execution, with exploitation probability and active exploitation status dependent on available public exploits.

RCE Adobe Use After Free Acrobat Reader Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43589 HIGH This Week

Use-after-free vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions are InDesign ID20.2, ID19.5.3, and earlier; exploitation requires a victim to open a malicious file. This is a high-severity local vulnerability with user interaction required, but without confirmed active exploitation data or public POC availability indicated in the provided intelligence.

Use After Free RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-5335 HIGH PATCH This Week

Privilege escalation vulnerability in Autodesk Installer applications where a maliciously crafted binary file exploits an untrusted search path to achieve NT AUTHORITY/SYSTEM level code execution. The vulnerability requires local user interaction (file download) but no privileges, making it a significant risk for Windows environments running Autodesk products. While CVSS 7.8 indicates high severity, the local attack vector and required user interaction limit the attack surface compared to remote exploits.

RCE Installer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47107 HIGH This Week

Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43575 HIGH This Week

CVE-2025-43575 is an out-of-bounds write vulnerability in Adobe Acrobat Reader that enables arbitrary code execution with high integrity and confidentiality impact. Affected versions include 24.001.30235, 20.005.30763, 25.001.20521 and earlier across multiple product lines. Exploitation requires user interaction (opening a malicious PDF), but once triggered, allows code execution in the context of the current user with no privilege elevation needed.

Buffer Overflow Adobe RCE Acrobat Dc Acrobat +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30327 HIGH This Week

CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.

RCE Integer Overflow Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43588 HIGH This Week

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Buffer Overflow RCE Adobe Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43581 HIGH This Week

CVE-2025-43581 is an out-of-bounds write vulnerability in Adobe Substance3D - Sampler (versions 5.0 and earlier) that enables arbitrary code execution within the current user's security context. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. With a CVSS score of 7.8 and high impact ratings for confidentiality, integrity, and availability, this represents a significant local privilege escalation risk for affected users, though exploitation requires social engineering or file delivery mechanisms.

Buffer Overflow RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47108 HIGH This Week

CVE-2025-47108 is an out-of-bounds write vulnerability in Adobe Substance3D Painter versions 11.0.1 and earlier that allows arbitrary code execution with user-level privileges. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. While no CVSS:3.1 score of 7.8 indicates high severity with local attack surface, exploitation depends on social engineering to deliver the malicious file.

Buffer Overflow RCE Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43593 HIGH This Week

CVE-2025-43593 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that enables arbitrary code execution with high severity (CVSS 7.8). Affected versions include ID20.2, ID19.5.3 and earlier on local systems. Exploitation requires user interaction (opening a malicious file), but once triggered, grants full code execution capabilities in the context of the current user. Current KEV and EPSS status unknown from provided data, but the local attack vector combined with user interaction requirement and high CVSS score indicates moderate-to-high real-world risk for targeted attacks against design professionals.

Buffer Overflow RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43590 HIGH This Week

CVE-2025-43590 is an out-of-bounds write vulnerability in Adobe InDesign Desktop that allows arbitrary code execution with the privileges of the current user. Affected versions include ID20.2, ID19.5.3, and earlier releases. Exploitation requires user interaction-specifically opening a malicious file-but once triggered, grants an attacker full code execution capabilities in the context of the authenticated user.

Buffer Overflow RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43558 HIGH This Week

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Buffer Overflow RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30317 HIGH This Week

Heap-based buffer overflow vulnerability in Adobe InDesign Desktop that allows arbitrary code execution when a user opens a malicious file. Affected versions include InDesign ID20.2, ID19.5.3, and earlier. The vulnerability requires user interaction but presents high severity risk (CVSS 7.8) with potential for complete system compromise in the context of the affected user's privileges.

Buffer Overflow RCE Adobe Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33056 HIGH PATCH This Week

Network-accessible denial-of-service vulnerability in Microsoft's Local Security Authority Server (lsasrv) caused by improper access control (CWE-284). An unauthenticated remote attacker can exploit this with low complexity to render the LSA service unavailable, affecting authentication and security policy enforcement on affected Windows systems. The CVSS 7.5 severity reflects the high availability impact; however, real-world risk depends on EPSS score, KEV candidacy status, and active exploitation data not provided in the source materials.

Microsoft Windows Denial Of Service Windows Server 2022 Windows 11 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-40591 HIGH This Week

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Command Injection Siemens RCE Information Disclosure Privilege Escalation +1
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-37100 HIGH This Week

Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.

Path Traversal Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-42977 HIGH This Week

SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to the base CVSS score suggests.

SAP Path Traversal Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-43706 HIGH PATCH This Week

CVE-2024-43706 is an improper authorization vulnerability in Kibana's Synthetic monitor endpoint that allows authenticated users to escalate privileges through direct HTTP requests. Attackers with low-level credentials can bypass access controls to perform unauthorized actions on synthetic monitoring functionality, potentially affecting confidentiality, integrity, and availability. While the CVSS 7.6 score indicates significant risk, real-world impact depends on deployment context and whether this vulnerability is actively exploited in the wild.

Elastic Privilege Escalation Authentication Bypass Kibana
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-27819 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Denial Of Service Apache Java RCE Authentication Bypass +3
NVD GitHub HeroDevs
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-36575 HIGH PATCH This Week

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43701 HIGH This Week

CVE-2025-43701 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network attackers to read Custom Settings data without authorization. Affecting OmniStudio versions before 254, this high-severity flaw (CVSS 7.5) enables direct exposure of sensitive configuration data through a low-complexity attack requiring no user interaction or privileges. While KEV status and active exploitation details are not available in provided data, the combination of high CVSS score, unauthenticated attack vector, and direct confidentiality impact indicates significant real-world risk to Salesforce deployments storing sensitive configuration in Custom Settings.

Information Disclosure Salesforce Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43700 HIGH This Week

CVE-2025-43700 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. This high-impact confidentiality breach (CVSS 7.5) affects OmniStudio versions prior to Spring 2025 release and represents a significant risk to organizations using FlexCards for sensitive data handling, particularly given the low attack complexity and absence of privilege requirements.

Information Disclosure Salesforce Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43697 HIGH This Week

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio's DataMapper component that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. The vulnerability affects OmniStudio versions prior to Spring 2025 and carries a CVSS 7.5 (High) severity rating. While specific KEV status and EPSS data were not provided in the intelligence sources, the high CVSS score combined with unauthenticated access (AV:N, PR:N) indicates this is a significant exposure risk for organizations using affected OmniStudio deployments.

Information Disclosure Salesforce Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-42995 HIGH This Week

Denial-of-service vulnerability in SAP MDM Server's Read function that allows unauthenticated network attackers to trigger memory read access violations by sending specially crafted packets, causing the server process to crash and become unavailable. The vulnerability affects SAP MDM Server with a CVSS score of 7.5 (high severity) but is limited to availability impact with no confidentiality or integrity compromise. Status of active exploitation (KEV) and proof-of-concept availability are not specified in available intelligence.

SAP Denial Of Service Memory Corruption
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-42994 HIGH This Week

Denial-of-service vulnerability in SAP MDM Server's ReadString function that allows unauthenticated remote attackers to trigger memory read access violations causing unexpected server process termination. The vulnerability affects SAP Master Data Management (MDM) Server and has a CVSS score of 7.5 with high availability impact; no confidentiality or integrity compromise occurs. This is a network-accessible denial-of-service vector with low attack complexity and no authentication requirements, making it a significant availability risk for organizations deploying SAP MDM infrastructure.

SAP Denial Of Service Memory Corruption
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40662 HIGH PATCH This Week

CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.

Information Disclosure Path Traversal Dm Corporative Cms
NVD
CVSS 3.1
7.5
EPSS
0.1%
Prev Page 3 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy