Privilege Escalation

Privilege escalation vulnerability in Trend Micro Apex One's scan engine that exploits improper link handling to allow local attackers to escalate privileges. The vulnerability affects Trend Micro Apex One installations and requires an attacker to first obtain low-privileged code execution on the target system. While no active exploitation in the wild has been confirmed at this time, the CVSS score of 7.0 indicates a high-severity local privilege escalation risk for organizations running vulnerable versions.

CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.

A privilege escalation vulnerability (CVSS 7.5) that allows a user. High severity vulnerability requiring prompt remediation.

Local privilege escalation vulnerability in Citrix Workspace app for Windows that allows low-privileged users to gain SYSTEM-level privileges through an improper privilege management flaw (CWE-269). The vulnerability has a CVSS score of 7.8 (High) with low attack complexity and no user interaction required, making it a significant local threat. Status of KEV inclusion, active exploitation, and proof-of-concept availability cannot be confirmed from provided data, but the combination of high CVSS and local attack vector suggests meaningful real-world risk for organizations running Citrix Workspace on Windows endpoints.

Critical privilege escalation vulnerability in FreeIPA that allows authenticated users with high privileges to create Kerberos services with the same canonical name (krbCanonicalName) as the realm administrator, enabling them to obtain administrative credentials. The vulnerability affects FreeIPA default configurations where uniqueness validation is not enforced, allowing attackers to retrieve Kerberos tickets with admin@REALM credentials and perform unrestricted administrative operations. With a CVSS 9.1 score and network-accessible attack vector, this represents a severe threat to FreeIPA-based identity infrastructures, particularly in environments where service creation permissions are delegated or insufficiently restricted.

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.

Local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows an authenticated, low-privileged user to escalate their privileges to SYSTEM level without user interaction. The vulnerability affects the Citrix Secure Access Client application on Windows systems and represents a critical threat to enterprise environments where this client is deployed, as successful exploitation grants complete system control. The CVSS 7.8 score and confirmed local attack vector indicate this is a material risk for any organization using this software, though exploitation requires prior local access to an affected system.

Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.

Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensions and gain unauthorized access to Developer Mode on managed Chrome devices. The vulnerability is exploited using the ExtHang3r and ExtPrint3r tools to load arbitrary extensions, affecting enterprise-managed deployments with a CVSS score of 9.8 (critical severity). Active exploitation status and proof-of-concept availability should be verified through CISA KEV and security advisories.

Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.

A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Privilege escalation flaw in authd's temporary user record handling during pre-authentication NSS operations that causes first-time SSH login users to be incorrectly assigned root group membership within their session context. This allows authenticated users (PR:L) to gain elevated group privileges over the network (AV:N) with low complexity, affecting system confidentiality (C:H) and integrity (I:L). The vulnerability has a high CVSS score of 8.5, though real-world exploitation requires valid login credentials and depends on authentication infrastructure specifics.

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.

A security vulnerability in versions (CVSS 8.0). Risk factors: public PoC available. Vendor patch is available.

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to arbitrarily delete system files with SYSTEM privileges. This vulnerability has a CVSS score of 8.8 (High) and could enable local attackers to compromise system integrity and gain elevated privileges. The attack requires local access but no user interaction, making it a significant risk for multi-user Windows systems running vulnerable Tenable Agent versions.

The WP Travel Engine plugin for WordPress contains a missing capability check in the delete_package() function, allowing unauthenticated attackers to delete arbitrary posts without authentication. This vulnerability affects all versions up to and including 6.5.1 and results in unauthorized data loss with a CVSS score of 7.5. The vulnerability is network-accessible with no user interaction required, making it a significant integrity risk for WordPress installations running vulnerable plugin versions.

The REST API | Custom API Generator For Cross Platform And Import Export plugin for WordPress (versions 1.0.0-2.0.3) contains a critical privilege escalation vulnerability where the process_handler() function lacks capability checks, allowing unauthenticated attackers to create administrator accounts via malicious JSON imports. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this is a severe, likely actively exploited vulnerability affecting any WordPress installation using vulnerable plugin versions.

CVE-2025-4232 is an improper neutralization of wildcards vulnerability in Palo Alto Networks GlobalProtect app for macOS that allows non-administrative users to escalate privileges to root through the log collection feature. With a CVSS score of 8.8 and requiring only low complexity remote network access with low privileges, this vulnerability presents a critical privilege escalation risk. The attack requires user interaction only at the network level (not UI) and affects the confidentiality, integrity, and availability of affected systems.

Command injection vulnerability in Palo Alto Networks PAN-OS that allows an authenticated administrative user to execute arbitrary commands with root privileges. The vulnerability requires network access to the management web interface and successful authentication, making it a post-authentication remote code execution flaw. While the CVSS score of 7.2 is moderately high, the requirement for administrative credentials significantly limits its practical exploitability in most environments.

Command injection vulnerability in Palo Alto Networks PAN-OS that allows authenticated administrators with CLI access to bypass system restrictions and execute arbitrary commands with root privileges. The vulnerability affects on-premises PAN-OS deployments with CVSS 8.4, but risk is significantly reduced in environments where CLI access is restricted to a limited administrative group. Cloud NGFW and Prisma Access are not affected.

CVE-2025-4228 is a security vulnerability (CVSS 4.6) that allows an authenticated administrative user. Remediation should follow standard vulnerability management procedures.

Dell iDRAC Tools versions prior to 11.3.0.0 contain an improper access control vulnerability (CWE-284) that allows low-privileged local attackers to escalate privileges without user interaction. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact. While no CVE-2025-27689 entry exists in public KEV catalogs or active exploitation databases at this time, the local attack vector with low complexity and low privilege requirements indicates this is a practical privilege escalation risk for organizations running vulnerable iDRAC Tool versions on multi-user systems.

Privilege escalation vulnerability in UpdateNavi and UpdateNaviInstallService that allows local authenticated attackers to modify arbitrary registry values or execute arbitrary code through improper communication channel restrictions. Affected versions include UpdateNavi V1.4 L10-L33 and UpdateNaviInstallService 1.2.0091-1.2.0125. With a CVSS score of 7.1 and local attack vector requiring low privileges, this vulnerability poses significant risk to systems running vulnerable versions, particularly in scenarios where local user accounts have network access or elevation paths.

A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.

An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.

DLL hijacking vulnerability in ClipShare Server for Windows (versions prior to 3.8.5) that allows local, non-privileged users to achieve arbitrary code execution and potential privilege escalation by placing malicious DLLs in the application directory. The vulnerability exploits Windows' default DLL search order, where the application directory is searched before system paths, and poses a reliable privilege escalation risk when ClipShare is run by elevated users. This is a local attack requiring write access to the installation directory.

CVE-2025-3473 is a security vulnerability (CVSS 6.7) that allows a local privileged user. Remediation should follow standard vulnerability management procedures.

Local privilege escalation vulnerability in Mozilla VPN for macOS that allows an authenticated local user to escalate privileges from normal user to root. This affects Mozilla VPN versions below 2.28.0 on macOS exclusively. An attacker with local access can exploit this without user interaction to gain complete system control, making it a critical risk for multi-user systems or compromised local accounts.

CubeWP - All-in-One Dynamic Content Framework plugin for WordPress versions up to 1.1.23 contains a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access to elevate their privileges to administrator through arbitrary user meta manipulation. The vulnerability exploits improper access controls on the update_user_meta() function, enabling account takeover and full site compromise. No active exploitation in the wild has been confirmed at this time, but the low attack complexity and high impact make this a critical remediation priority.

Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.

Critical CSRF vulnerability affecting network devices that allows unauthenticated remote attackers to execute arbitrary commands with root privileges by exploiting missing CSRF protections. The vulnerability requires minimal user interaction and presents an exceptionally high real-world risk due to its network-accessible attack vector, root-level command execution capability, and lack of authentication requirements. Active exploitation status and proof-of-concept availability should be confirmed through CISA KEV and exploit databases, as this combination of factors (no auth + remote + root RCE) typically indicates urgent patch deployment.

The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.

Critical Secure Boot bypass vulnerability in UEFI firmware affecting systems with improper digital signature verification in the NVRAM variable validation process. Attackers with local access and low privileges can create malicious non-authenticated NVRAM variables to bypass signature verification mechanisms, enabling execution of arbitrary signed UEFI code and circumventing Secure Boot protections. This vulnerability requires local access and non-trivial complexity but impacts core boot security; real-world exploitation likelihood and active KEV status are critical factors pending vendor disclosure.

Local privilege escalation vulnerability in Archify's privileged helper tool (com.oct4pie.archifyhelper) that fails to validate client code signatures, entitlements, or signing flags over XPC. Any local process can invoke the helper to execute arbitrary file operations (deletion, permission changes) with root privileges. With a CVSS score of 7.8 and CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, this vulnerability requires local access and low privileges but enables complete system compromise; KEV status, EPSS score, patch availability, and POC status are not provided in available intelligence sources.

Privilege escalation vulnerability in the ws.stash.app.mac.daemon.helper tool on macOS that allows unprivileged local users to invoke privileged operations via XPC by exploiting improper authorization validation. The helper incorrectly uses its own root context to validate authorization rather than the client's, enabling attackers to modify system-wide network proxy settings (SOCKS, HTTP, HTTPS) and perform man-in-the-middle attacks. With a CVSS score of 7.8 and low attack complexity, this vulnerability presents significant risk to macOS systems running affected versions of the Stash application.

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

A privilege escalation vulnerability in Apache CloudStack (CVSS 8.8) that allows the attacker. High severity vulnerability requiring prompt remediation.

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction.

CVE-2025-46840 is an Improper Authorization vulnerability in Adobe Experience Manager (AEM) versions 6.5.22 and earlier that allows low-privileged attackers to escalate privileges and bypass security controls, potentially achieving session takeover. The vulnerability requires user interaction and has a CVSS score of 8.7 with high confidentiality and integrity impact. While no active exploitation in the wild (KEV status) or public proof-of-concept is currently documented, the network-accessible attack vector and low attack complexity combined with privilege escalation capabilities make this a high-priority patch candidate for organizations running affected AEM instances.

CVE-2025-26521 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations. Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.

CVE-2025-47968 is an improper input validation vulnerability in Microsoft AutoUpdate (MAU) that allows a locally authenticated attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (High), indicating significant impact with confidentiality, integrity, and availability compromise. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the local attack vector with low complexity and low privilege requirement suggests elevated real-world risk for multi-user or shared systems.

CVE-2025-47962 is an improper access control vulnerability in Windows SDK that allows an authenticated local attacker to escalate privileges without user interaction. The vulnerability affects Windows SDK components and presents a high risk due to its CVSS score of 7.8 (High severity) with high impact on confidentiality, integrity, and availability. While no active exploitation in the wild (KEV status) or public POC has been confirmed at this time, the low attack complexity and requirement for only local user privileges make this a significant priority for Windows environments.

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

Privilege escalation vulnerability in Windows Installer that exploits improper symlink/junction handling (CWE-59: link following) to allow an authorized local attacker to elevate privileges without user interaction. With a CVSS score of 7.8 and CVSS vector indicating local attack vector with low complexity and no user interaction required, this vulnerability affects Windows Installer across multiple versions. Real-world risk depends on KEV/CISA status and EPSS probability, which should be cross-referenced against active exploitation reports and POC availability.

Local privilege escalation vulnerability in the Windows Kernel stemming from improper privilege management (CWE-269), allowing an unauthenticated attacker with local system access to escalate privileges without user interaction. This affects multiple Windows versions and has a CVSS 8.4 severity rating indicating high confidentiality, integrity, and availability impact. The vulnerability's low attack complexity (AC:L) and lack of privilege requirements (PR:N) indicate it is relatively straightforward to exploit for any local attacker.

Privilege escalation vulnerability in Windows Recovery Driver caused by improper symlink/hardlink resolution (CWE-59: link following) that allows an authenticated local attacker to elevate privileges to SYSTEM level. The vulnerability requires user interaction and local code execution capability but provides complete system compromise once exploited. With a CVSS score of 7.3 and local attack vector, this poses significant risk to multi-user Windows systems, particularly in enterprise environments where standard users have local access.

CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.

CVE-2025-32716 is an out-of-bounds read vulnerability in Windows Media that allows an authenticated local attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (high severity) due to its impact on confidentiality, integrity, and availability. Without confirmation of KEV status, active exploitation, or public POC availability from the provided data, the real-world risk assessment requires evaluation against the moderate attack complexity (local access required, authenticated user needed).

Local privilege escalation vulnerability in Windows Installer caused by improper access control (CWE-284) that allows an authorized local attacker to elevate privileges without user interaction. The vulnerability affects Windows Installer components across multiple Windows versions and has a CVSS score of 7.8 (High severity). Without confirmation of KEV status or active exploitation data, the high CVSS vector (Low attack complexity, Low privileges required) indicates this represents a significant risk to systems where local user accounts exist.

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Use-after-free vulnerability in the Windows Win32K graphics subsystem (GRFX component) that allows a locally authenticated attacker to achieve arbitrary code execution and privilege escalation without user interaction. The vulnerability affects Windows systems with affected Win32K versions and carries a CVSS score of 7.8 (high severity). Given the local attack vector requirement and the need for prior authentication, real-world exploitation is constrained to insider threats or attackers who have already achieved initial access; however, the severity of the impact (complete system compromise) makes this a critical priority for patching.

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.

CVE-2024-43706 is an improper authorization vulnerability in Kibana's Synthetic monitor endpoint that allows authenticated users to escalate privileges through direct HTTP requests. Attackers with low-level credentials can bypass access controls to perform unauthorized actions on synthetic monitoring functionality, potentially affecting confidentiality, integrity, and availability. While the CVSS 7.6 score indicates significant risk, real-world impact depends on deployment context and whether this vulnerability is actively exploited in the wild.

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Adobe Commerce versions 2.4.8 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-47110, CVSS 8.4) in form field validation that allows high-privileged attackers to inject malicious JavaScript into the application. When other high-privileged users view pages containing the injected payload, the malicious script executes in their browser context, potentially compromising confidentiality, integrity, and availability across multiple privileged accounts. The vulnerability requires high privileges to exploit but affects other high-privileged users, making it a significant concern in multi-admin environments.

A remote code execution vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

Cryptographic weakness in Ivanti Workspace Control versions before 10.19.10.0 where a hardcoded encryption key is embedded in the application, allowing authenticated local attackers to decrypt stored environment passwords. This vulnerability enables privilege escalation and lateral movement within affected environments. The CVSS 7.3 score reflects high confidentiality and integrity impact, though exploitation requires local access and user authentication; KEV and active exploitation status are not confirmed in available intelligence.

CVE-2025-43701 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network attackers to read Custom Settings data without authorization. Affecting OmniStudio versions before 254, this high-severity flaw (CVSS 7.5) enables direct exposure of sensitive configuration data through a low-complexity attack requiring no user interaction or privileges. While KEV status and active exploitation details are not available in provided data, the combination of high CVSS score, unauthenticated attack vector, and direct confidentiality impact indicates significant real-world risk to Salesforce deployments storing sensitive configuration in Custom Settings.

CVE-2025-43700 is an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. This high-impact confidentiality breach (CVSS 7.5) affects OmniStudio versions prior to Spring 2025 release and represents a significant risk to organizations using FlexCards for sensitive data handling, particularly given the low attack complexity and absence of privilege requirements.

A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio's DataMapper component that allows unauthenticated network-based attackers to expose encrypted data without requiring user interaction. The vulnerability affects OmniStudio versions prior to Spring 2025 and carries a CVSS 7.5 (High) severity rating. While specific KEV status and EPSS data were not provided in the intelligence sources, the high CVSS score combined with unauthenticated access (AV:N, PR:N) indicates this is a significant exposure risk for organizations using affected OmniStudio deployments.

Privilege escalation vulnerability affecting service accounts through excessively permissive sudo rules that could allow elevation to administrative privileges. The vulnerability requires local access and lower privileges to exploit (CVSS 7.0), but notably, no actual exploitation vector has been identified in the wild. While the CVSS score indicates high impact potential, the absence of a confirmed attack vector and lack of active exploitation signals suggest this is a configuration hardening issue rather than an immediately critical threat.

A arbitrary file access vulnerability (CVSS 8.8). Risk factors: public PoC available.

The RH - Real Estate WordPress Theme contains an Improper Access Control vulnerability (CWE-269) that allows authenticated subscribers and higher-privileged users to escalate their account privileges to administrator level through the inspiry_update_profile() function. All versions up to and including 4.4.0 are affected; versions 4.4.0 contain a partial patch while 4.4.1 provides complete remediation. With a CVSS score of 8.8 and network-based attack vector requiring only low-privilege authentication, this represents a critical privilege escalation risk for any WordPress installation using this theme.

Privilege escalation vulnerability in RFC inbound processing that fails to enforce proper authorization checks for authenticated users, allowing attackers to escalate privileges and critically compromise application integrity and availability. The vulnerability affects authenticated users (PR:L) with network accessibility (AV:N) and has a critical CVSS score of 9.6; without access to KEV, EPSS, or POC data, assessment indicates high real-world risk due to the low attack complexity (AC:L) and cross-boundary impact (S:C) combined with authentication bypass in authorization logic.

High-severity authentication bypass vulnerability in SAP Business Warehouse and SAP Plug-In Basis that allows authenticated attackers to drop arbitrary database tables, resulting in data loss or system unavailability. The vulnerability requires valid credentials but no user interaction, affecting systems across the network with a CVSS score of 8.5. While integrity impact is limited (attacker cannot read data), availability impact is severe, making this a critical integrity and availability threat for SAP deployments.

A security vulnerability in version 4.0.0 and (CVSS 9.0) that allows capturing of env variables. Risk factors: EPSS 41% exploitation probability, public PoC available. Vendor patch is available.

Missing Authorization (CWE-862) vulnerability in WP Swings Membership For WooCommerce that allows unauthenticated attackers to access functionality not properly constrained by Access Control Lists (ACLs). The vulnerability affects versions up to and including 2.8.1 of this WordPress/WooCommerce plugin, enabling unauthorized users to bypass membership restrictions and potentially access premium features or sensitive membership data without valid credentials. With a CVSS score of 7.5 and a network-accessible attack vector requiring no privileges or user interaction, this represents a significant exposure risk for e-commerce sites relying on this plugin for membership management.

CVE-2025-48129 is an Incorrect Privilege Assignment vulnerability (CWE-266) in Holest Engineering's Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin that allows unauthenticated remote attackers to escalate privileges and gain complete control over affected WordPress installations. The vulnerability affects versions up to and including 2.4.37, with a critical CVSS 9.8 score indicating network-exploitable, low-complexity privilege escalation requiring no authentication or user interaction. Active exploitation status and proof-of-concept availability would significantly elevate real-world risk given the plugin's direct access to WooCommerce/WP E-commerce price modification functionality.

CVE-2025-47561 is an Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG that allows authenticated users to escalate their privileges within the application. Affected versions are MapSVG prior to 8.6.13. An attacker with low-privilege login credentials can exploit this flaw to gain high-impact unauthorized access to sensitive data, modify critical information, and potentially disrupt service availability.

Missing Authorization vulnerability (CWE-862) in the Icegram Collect WordPress plugin versions up to 1.3.18 that allows authenticated attackers with low privileges to exploit misconfigured access controls. An attacker with a valid WordPress user account can modify or delete form data and potentially cause service disruption by leveraging inadequate authorization checks on sensitive operations, with no confidentiality impact but significant integrity and availability risks.

CVE-2025-23974 is an Incorrect Privilege Assignment vulnerability in ifkooo One-Login that enables unauthenticated remote privilege escalation. Versions 1.4 and earlier are affected, allowing attackers to gain high-impact unauthorized access to sensitive functions without user interaction. The CVSS 8.1 score reflects significant risk, though the high attack complexity (AC:H) suggests exploitation requires specific conditions; KEV/POC status and active exploitation data are not available in provided intelligence.

Wasp framework versions prior to 0.16.6 contain a critical OAuth/OpenID Connect implementation flaw where user IDs are improperly lowercased before storage and authentication, violating specification requirements. This affects only Keycloak deployments configured with case-sensitive user IDs, enabling attackers to impersonate users, trigger account collisions, and escalate privileges. While the CVSS score of 8.2 reflects high integrity impact, real-world risk is constrained to Keycloak with specific non-default configuration, and no public exploit or KEV designation has been reported.

CVE-2025-40670 is an incorrect authorization vulnerability in TCMAN's GIM (Gestion Integrada de Mantenimiento) v11 that allows an authenticated but unprivileged attacker to escalate privileges by creating new users with elevated permissions through an insecure API endpoint. An attacker with valid (low-privilege) credentials can POST to /PC/frmGestionUser.aspx/updateUser to arbitrarily assign administrative or other high-privilege roles to newly created accounts, resulting in complete system compromise. This vulnerability represents a critical privilege escalation risk in maintenance management systems, potentially affecting industrial and critical infrastructure environments that rely on TCMAN for asset management.

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards."

A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.

Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.

Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.

Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.

Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.

Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.

Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.

Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.

moPS App through version 1.8.618 contains a critical authentication bypass vulnerability (CVE-2024-55585, CVSS 9.0) that allows all authenticated users to access administrative API endpoints without proper authorization checks, enabling unrestricted read and write operations including password resets. This vulnerability is particularly severe as it requires only low privileges (PR:L) to exploit via network access, and the /api/v1/users/resetpassword endpoint demonstrates direct administrative function access. No KEV or active exploitation data is referenced, but the high CVSS score and authentication bypass nature suggest significant real-world risk if exploited.