Monthly
Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.
Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.
CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Stalwart Mail Server is an open-source mail server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.
Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.
CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Stalwart Mail Server is an open-source mail server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.