Skip to main content
CVE-2025-8884 MEDIUM This Month

Authorization bypass via user-controlled key in ACE Center (VHS Electronic Software Ltd. Co.) allows a locally-authenticated low-privileged user to exploit trusted identifiers and access sensitive resources beyond their authorization level. Affected versions span 3.10.100.1768 through 3.10.161.2255, with high confidentiality impact (C:H) but no integrity or availability effect per the CVSS vector. No public exploit exists and EPSS sits at 0.02% (5th percentile), indicating no observed widespread exploitation at time of analysis.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-40005 MEDIUM PATCH This Month

Kernel crash in Linux kernel Cadence QSPI driver (cadence-quadspi) allows authenticated local attackers with moderate privileges to cause denial of service by unbinding the driver during active indirect read or write operations. The vulnerability affects Linux kernel versions including 6.17-rc1 through rc4 and potentially earlier versions; exploitation requires root access to force device removal, but the EPSS score of 0.01% indicates minimal real-world exploitation probability despite the availability of upstream fixes in stable kernel branches.

Denial Of Service Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy