Skip to main content

Privilege Escalation

13302 CVEs technique

Monthly

CVE-2025-22836 HIGH This Week

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.

Intel Privilege Escalation Linux Integer Overflow Linux Kernel
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-21096 LOW Monitor

Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Buffer Overflow Privilege Escalation Intel
NVD
CVSS 4.0
1.8
EPSS
0.0%
CVE-2025-21093 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-21086 MEDIUM This Month

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Linux Intel Linux Kernel
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-20627 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20109 HIGH PATCH This Month

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-20099 MEDIUM This Month

Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20093 HIGH This Month

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Intel Linux Kernel
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-20092 MEDIUM This Month

Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20087 MEDIUM This Month

Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20074 HIGH This Week

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-20053 HIGH PATCH This Week

Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Privilege Escalation Intel Suse
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-20048 MEDIUM This Month

Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20037 MEDIUM This Month

Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-20023 MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20017 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-40767 HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 8.8). No vendor patch available.

Docker Privilege Escalation Sinec Traffic Analyzer
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-40751 MEDIUM Monitor

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-3892 MEDIUM This Month

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-8059 CRITICAL This Week

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-42943 MEDIUM Monitor

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-42936 MEDIUM PATCH This Month

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SAP Privilege Escalation Sap Basis
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8672 MEDIUM PATCH Monitor

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Python Apple Privilege Escalation Gimp macOS +1
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-8660 MEDIUM This Month

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Symantec Pgp Encryption
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-54996 Go HIGH PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Openbao Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-4796 HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Eventin PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-26513 HIGH This Week

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation San Host Utilities Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-7195 Go MEDIUM PATCH This Month

Operator-SDK before version 0.15.2 scaffolds operator container images with an insecure user_setup script that leaves the /etc/passwd file with group-writable permissions (mode 664) and root group ownership, enabling any non-root container user who is a member of the root group to modify /etc/passwd and add arbitrary users with UID 0, achieving full container root compromise. Developers who used affected versions to build operators may still be deploying vulnerable container images if the insecure script persists in their build pipelines. The vulnerability carries a CVSS score of 6.4 with high complexity and high privilege requirements (CVSS:3.1/AV:L/AC:H/PR:H), but an EPSS score of 0.01% indicates minimal real-world exploitation likelihood; no public exploit code or active exploitation has been confirmed.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-55077 MEDIUM This Month

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Erp Pro 9 Windows
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-50675 HIGH This Month

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42048 MEDIUM This Month

OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54785 HIGH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Privilege Escalation Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-55398 MEDIUM This Month

4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Exonaut
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50234 MEDIUM POC This Week

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Microsoft SSRF Privilege Escalation +3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7771 HIGH POC This Week

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. Rated high severity (CVSS 8.7). No vendor patch available.

RCE Microsoft Privilege Escalation Windows
NVD GitHub Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-6994 CRITICAL Act Now

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-54608 MEDIUM This Month

Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-54802 PyPI CRITICAL POC PATCH Act Now

pyLoad is the free and open-source Download Manager written in pure Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Python RCE Path Traversal Pyload Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-51726 HIGH This Month

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Privilege Escalation Windows
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2013-10052 HIGH POC Act Now

ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.6%
CVE-2025-44643 HIGH This Week

Certain Draytek products are affected by Insecure Configuration. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-41658 MEDIUM CISA This Month

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20702 HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20701 HIGH This Week

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20700 HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-20698 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20697 MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20696 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-6754 HIGH This Week

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54386 Go HIGH PATCH This Month

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Denial Of Service RCE Path Traversal Traefik +2
NVD GitHub
CVSS 4.0
7.3
EPSS
0.9%
CVE-2013-10046 HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
1.0%
CVE-2012-10022 HIGH POC Act Now

Kloxo versions 6.1.12 and earlier contain two setuid root binaries-lxsuexec and lxrestart-that allow local privilege escalation from uid 48. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache
NVD GitHub Exploit-DB
CVSS 4.0
8.5
EPSS
1.4%
CVE-2025-5999 Go HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-52361 HIGH This Month

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5947 CRITICAL POC Act Now

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-5954 CRITICAL This Week

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43273 CRITICAL Act Now

Sandbox escape in macOS Sequoia 15.x and Sonoma 14.x allows sandboxed processes to bypass security restrictions and access high-value confidential data or modify system integrity without authentication. Patched in macOS Sequoia 15.6 and macOS Sonoma 14.8. EPSS exploitation probability is low (0.05%, 16th percentile), and no public exploit identified at time of analysis, though the CVSS 9.1 rating reflects the severe theoretical impact of compromised sandbox isolation-a critical security boundary in macOS architecture.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-43270 HIGH This Week

macOS sandbox escape vulnerability allows locally installed applications to bypass Local Network access restrictions and perform unauthorized network operations. Affects macOS Ventura (pre-13.7.7), Sonoma (pre-14.7.7), and Sequoia (pre-15.6). CVSS 8.8 reflects high impact on confidentiality, integrity, and availability with scope change, but requires local access with low privileges (PR:L). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. Real-world risk centers on malicious apps installed by legitimate users bypassing Apple's network privacy controls.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43243 CRITICAL Act Now

File system permission bypass in macOS allows applications to modify protected system files without proper authorization. Affects macOS Sequoia (prior to 15.6), Sonoma (prior to 14.7.7), and Ventura (prior to 13.7.7). Despite a critical 9.8 CVSS score with network attack vector rating, the vulnerability requires local application execution, making the CVSS vector potentially misleading. EPSS exploitation probability is very low at 0.08% (24th percentile), and no public exploit identified at time of analysis. Tagged for information disclosure, though integrity impact is primary concern given file system modification capability.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43232 CRITICAL Act Now

Privacy controls in macOS Sequoia, Sonoma, and Ventura can be bypassed by local applications due to insufficient permission enforcement, allowing unauthorized access to privacy-protected resources. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. CVSS score of 9.8 (Critical) reflects network-exploitable attack vector, but actual exploitation requires local app installation, making the CVSS vector (AV:N) likely misaligned with the described attack scenario. No public exploit identified at time of analysis; EPSS score of 0.08% (24th percentile) indicates low predicted exploitation probability despite high CVSS severity.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43230 MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure Privilege Escalation Ipados +4
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43223 HIGH This Week

Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS Denial Of Service Privilege Escalation +5
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-43184 CRITICAL Act Now

Authentication bypass in macOS Shortcuts allows malicious shortcuts to circumvent sensitive app settings without user consent across macOS Ventura 13.x, Sonoma 14.x, and Sequoia 15.x prior to July 2025 security updates. Despite a critical CVSS 9.8 score suggesting network-based exploitation, the vulnerability actually requires local shortcut execution with no authentication (PR:N), making the CVSS vector potentially misaligned with the actual attack surface. No public exploit identified at time of analysis, with EPSS score of 0.08% (24th percentile) indicating low predicted exploitation probability. Apple fixed the issue by adding mandatory user consent prompts.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-31243 HIGH This Week

Privilege escalation in macOS Sequoia 15.x, Sonoma 14.x, and Ventura 13.x allows local applications to gain root privileges through a permissions enforcement weakness. The vulnerability requires user interaction but no authentication, enabling malicious applications to achieve complete system compromise. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit identified at time of analysis, with EPSS score of 0.01% (2nd percentile) indicating minimal observed exploitation likelihood.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24119 HIGH This Week

Sandbox escape and privilege escalation in macOS 13.7.x through 15.2.x allow local authenticated users to execute arbitrary code outside application sandboxes or gain elevated privileges via state management flaws. Apple patched this in macOS Ventura 13.7.7, Sonoma 14.7.7, and Sequoia 15.3. With EPSS at 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world risk remains low despite the high CVSS score, though local attackers with existing user-level access could leverage this for post-exploitation privilege escalation.

Apple macOS RCE Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-48729 HIGH This Week

An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2025-6018 HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-8031 CRITICAL PATCH Act Now

HTTP Basic Authentication credentials leak in Mozilla Firefox and Thunderbird via Content Security Policy (CSP) violation reports affects all versions prior to Firefox 141, Firefox ESR 128.13/140.1, and Thunderbird 141/128.13/140.1. When CSP violations occur on pages using HTTP Basic Auth, the browser incorrectly includes username:password in the violation report URL sent to the CSP report endpoint, exposing credentials to potentially untrusted third parties. With CVSS 9.8 and network-based unauthenticated attack vector (AV:N/AC:L/PR:N), this represents a critical credential disclosure vulnerability, though no public exploit or active exploitation (non-KEV) is confirmed at time of analysis.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-44654 CRITICAL Act Now

Improper access control in the Linksys E2500 wireless router (firmware 3.0.04.002) stems from its bundled vsftpd FTP service, where the reporter flags the chroot_local_user setting as enabling unauthorized reach into system files, privilege escalation, or lateral pivoting into the internal network. The E2500 is a discontinued consumer/SOHO router, and no public exploit identified at time of analysis; EPSS estimates only a 1.08% exploitation probability (61st percentile). Notably, the single reference is a third-party GitHub gist rather than a vendor advisory, and the technical claim is internally inconsistent (see risk assessment).

Authentication Bypass Privilege Escalation Linksys E2500 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-44657 LOW Monitor

Improper access control in Linksys EA6350 firmware 2.1.2 exposes the embedded vsftpd FTP service via a misconfigured chroot_local_user directive in a dynamically generated configuration file, allowing authenticated FTP users to traverse outside their intended jail and access sensitive system files. Affected users of this specific firmware version could face local privilege escalation or use of the device as a network pivot point for lateral movement into attached internal segments. No public exploit code has been confirmed, EPSS sits at 0.28% (20th percentile), and the device carries no CISA KEV listing, collectively suggesting limited real-world threat activity at this time.

Authentication Bypass Privilege Escalation Linksys Ea6350 Firmware
NVD GitHub
CVSS 3.1
3.9
EPSS
0.3%
CVE-2025-44655 CRITICAL Act Now

Privilege escalation and unauthorized file access affects TOTOLINK A7100RU (V7.4), A950RG (V5.9), and T10 (V5.9) routers because their bundled vsftpd FTP server ships with the chroot_local_user option enabled in vsftpd.conf, an insecure default that can let a local FTP user reach system files and escalate on the device. On these consumer routers the FTP daemon runs with high privilege and weak isolation, so a foothold on the FTP service can be used to read sensitive files, gain elevated access, and pivot into the internal network. There is no CISA KEV listing and no public exploit identified at time of analysis; the only reference is a researcher gist, and EPSS is low at 0.34% (26th percentile).

Privilege Escalation Authentication Bypass A7100Ru Firmware A950rg Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-4040 HIGH This Week

Privilege escalation in Turpak Automatic Station Monitoring System versions prior to 5.0.6.51 allows authenticated remote attackers to bypass authorization controls by manipulating user-controlled keys (IDOR-style flaw). Authenticated low-privilege users can access or modify resources belonging to other accounts, including potentially higher-privileged ones. EPSS scores exploitation likelihood at 0.19% (41st percentile) and no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-7784 Maven MEDIUM PATCH This Month

Privilege escalation in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) allows administrative users with the manage-users role to escalate privileges to realm-admin through improper privilege enforcement. When FGAPv2 is enabled, this vulnerability enables unauthorized elevation of administrative access rights, compromising the separation of administrative duties. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Build Of Keycloak Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52836 CRITICAL Act Now

Privilege escalation in Unity Business Technology's E-Commerce ERP plugin (profitori) through version 2.1.1.3 allows attackers to gain elevated permissions due to incorrect privilege assignment. The vulnerability affects the WordPress plugin with EPSS exploitation probability at 0.09%, indicating low real-world exploitation likelihood despite the privilege escalation impact. No public exploit code or active exploitation (KEV status) has been confirmed.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-7341 CRITICAL PATCH Act Now

Arbitrary file deletion in HT Contact Form Widget For Elementor (WordPress plugin) allows unanetworks attackers to remove critical server files, enabling remote code execution. Affecting all versions through 2.2.1, the vulnerability stems from insufficient path validation in temp_file_delete(), permitting deletion of wp-config.php or other essential files. CVSS 9.1 (Critical) with network attack vector, low complexity, and no authentication required. Vendor patch available (changeset 3326887). No public exploit identified at time of analysis, though the attack path is straightforward for skilled adversaries.

WordPress Privilege Escalation RCE PHP Download Contact Form 7 Widget For Elementor Page Builder Gutenberg Blocks +1
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2025-27582 HIGH PATCH This Week

A privilege escalation vulnerability in One Identity Password Manager (CVSS 7.6). High severity vulnerability requiring prompt remediation.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-25180 HIGH This Week

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Memory Corruption Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1384 HIGH This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Authentication Bypass Siemens RCE Privilege Escalation
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-7012 HIGH PATCH This Week

CVE-2025-7012 is a local privilege escalation vulnerability in Cato Networks CatoClient for Linux versions prior to 5.5, stemming from improper symbolic link handling that allows an authenticated local attacker to escalate privileges to root. With a CVSS score of 8.6 and CWE-59 classification, this vulnerability presents a high-severity risk to Linux deployments; the attack requires local access and user interaction but delivers complete system compromise. Active exploitation status and proof-of-concept availability should be verified through CISA KEV database and exploit repositories.

Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-1313 HIGH This Week

The Nokri - Job Board WordPress Theme contains a critical privilege escalation vulnerability (CVE-2025-1313) affecting all versions up to 1.6.3, where authenticated Subscriber-level users can change arbitrary user email addresses without proper identity validation. This allows attackers to reset administrator passwords and achieve complete account takeover, resulting in full WordPress site compromise. With a CVSS score of 8.8 and low attack complexity requiring only valid subscriber credentials, this vulnerability poses significant real-world risk to WordPress installations using this theme.

WordPress Privilege Escalation PHP Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5199 HIGH POC PATCH This Week

CVE-2025-5199 is a local privilege escalation vulnerability in Canonical Multipass up to version 1.15.1 on macOS, where incorrect default file permissions on a Launch Daemon allow an authenticated local attacker to modify files executed with administrative privileges during system startup. An attacker with local user access can escalate to root/administrator level through file manipulation, presenting a high-impact privilege escalation risk on affected macOS systems.

Apple Privilege Escalation Multipass macOS
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7503 CRITICAL Act Now

CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

RCE Privilege Escalation Authentication Bypass IoT SSH
NVD GitHub
CVSS 4.0
10.0
EPSS
0.7%
CVE-2025-7029 HIGH This Week

CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.

Privilege Escalation Buffer Overflow Memory Corruption
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-7027 HIGH This Week

CVE-2025-7027 is a security vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.

Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-7026 HIGH This Week

A privilege escalation vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.

Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52983 HIGH PATCH This Week

CVE-2025-52983 is a critical authentication bypass vulnerability in Juniper Networks Junos OS on VM Host Routing Engines where public keys configured for root access are not properly validated, allowing users possessing the corresponding private key to gain unauthorized root-level access even after the public key has been administratively removed from the system. This network-accessible vulnerability affects multiple Junos OS release branches and requires high privileges to configure but enables complete system compromise once exploited. While the CVSS score of 7.2 reflects significant impact, the practical risk depends on KEV designation and active exploitation status.

Juniper Authentication Bypass Privilege Escalation Junos
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-30661 HIGH PATCH This Week

A remote code execution vulnerability in line card script processing of Juniper Networks Junos OS allows a local (CVSS 7.3). High severity vulnerability requiring prompt remediation.

Juniper Privilege Escalation Junos
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-50124 HIGH This Week

CVE-2025-50124 is a privilege escalation vulnerability (CWE-269: Improper Privilege Management) affecting server systems with a CVSS score of 7.2. The vulnerability exists in a setup script that can be exploited when accessed by a privileged account via console, allowing attackers to escalate privileges and gain high-impact control over confidentiality, integrity, and availability. This is a physical/local attack vector requiring high privileges and significant effort, limiting widespread exploitation but representing critical risk in restricted access environments.

Privilege Escalation
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-50123 HIGH This Week

CVE-2025-50123 is a code injection vulnerability (CWE-94) in an unspecified server product that allows remote command execution when accessed via console by a privileged account through malicious hostname input. The vulnerability has a CVSS 4.0 score of 7.2 and requires physical access and high privileges, significantly limiting real-world exploitability despite the high impact potential. KEV status and EPSS scoring data are unavailable in provided intelligence, but the physical attack vector and high privilege requirement suggest this poses limited risk in typical network environments.

RCE Code Injection Privilege Escalation Command Injection
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-50122 HIGH This Week

CVE-2025-50122 is a cryptographic entropy vulnerability (CWE-331) in password generation algorithms that allows attackers with access to installation or upgrade artifacts to reverse engineer and discover root passwords. This affects products using insufficient entropy in their root password generation during deployment phases. With a CVSS score of 8.9 and network-adjacent attack vector, this poses a critical risk to systems deployed in environments where installation artifacts may be accessible or retained. The vulnerability requires moderate attack complexity but no user interaction, making it viable for targeted attacks against infrastructure during or shortly after deployment.

Information Disclosure Privilege Escalation
NVD
CVSS 4.0
8.9
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.

Intel Privilege Escalation Linux +2
NVD
EPSS 0% CVSS 1.8
LOW Monitor

Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Buffer Overflow Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element for some Intel(R) Driver &amp; Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Linux Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Month

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel Suse
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Privilege Escalation Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 8.8). No vendor patch available.

Docker Privilege Escalation Sinec Traffic Analyzer
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 4.5
MEDIUM Monitor

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SAP Privilege Escalation Sap Basis
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH Monitor

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Python Apple Privilege Escalation +3
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Symantec Pgp Encryption
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Month

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Openbao +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation San Host Utilities +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Operator-SDK before version 0.15.2 scaffolds operator container images with an insecure user_setup script that leaves the /etc/passwd file with group-writable permissions (mode 664) and root group ownership, enabling any non-root container user who is a member of the root group to modify /etc/passwd and add arbitrary users with UID 0, achieving full container root compromise. Developers who used affected versions to build operators may still be deploying vulnerable container images if the insecure script persists in their build pipelines. The vulnerability carries a CVSS score of 6.4 with high complexity and high privilege requirements (CVSS:3.1/AV:L/AC:H/PR:H), but an EPSS score of 0.01% indicates minimal real-world exploitation likelihood; no public exploit code or active exploitation has been confirmed.

Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Erp Pro 9 +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Privilege Escalation +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Exonaut
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Microsoft +5
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. Rated high severity (CVSS 8.7). No vendor patch available.

RCE Microsoft Privilege Escalation +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

pyLoad is the free and open-source Download Manager written in pure Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Python RCE +2
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Privilege Escalation +1
NVD GitHub
EPSS 2% CVSS 8.5
HIGH POC Act Now

ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.6
HIGH This Week

Certain Draytek products are affected by Insecure Configuration. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Month

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Month

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Denial Of Service RCE +4
NVD GitHub
EPSS 1% CVSS 8.5
HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
EPSS 1% CVSS 8.5
HIGH POC Act Now

Kloxo versions 6.1.12 and earlier contain two setuid root binaries-lxsuexec and lxrestart-that allow local privilege escalation from uid 48. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.2
HIGH PATCH This Month

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Sandbox escape in macOS Sequoia 15.x and Sonoma 14.x allows sandboxed processes to bypass security restrictions and access high-value confidential data or modify system integrity without authentication. Patched in macOS Sequoia 15.6 and macOS Sonoma 14.8. EPSS exploitation probability is low (0.05%, 16th percentile), and no public exploit identified at time of analysis, though the CVSS 9.1 rating reflects the severe theoretical impact of compromised sandbox isolation-a critical security boundary in macOS architecture.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

macOS sandbox escape vulnerability allows locally installed applications to bypass Local Network access restrictions and perform unauthorized network operations. Affects macOS Ventura (pre-13.7.7), Sonoma (pre-14.7.7), and Sequoia (pre-15.6). CVSS 8.8 reflects high impact on confidentiality, integrity, and availability with scope change, but requires local access with low privileges (PR:L). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. Real-world risk centers on malicious apps installed by legitimate users bypassing Apple's network privacy controls.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

File system permission bypass in macOS allows applications to modify protected system files without proper authorization. Affects macOS Sequoia (prior to 15.6), Sonoma (prior to 14.7.7), and Ventura (prior to 13.7.7). Despite a critical 9.8 CVSS score with network attack vector rating, the vulnerability requires local application execution, making the CVSS vector potentially misleading. EPSS exploitation probability is very low at 0.08% (24th percentile), and no public exploit identified at time of analysis. Tagged for information disclosure, though integrity impact is primary concern given file system modification capability.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privacy controls in macOS Sequoia, Sonoma, and Ventura can be bypassed by local applications due to insufficient permission enforcement, allowing unauthorized access to privacy-protected resources. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. CVSS score of 9.8 (Critical) reflects network-exploitable attack vector, but actual exploitation requires local app installation, making the CVSS vector (AV:N) likely misaligned with the described attack scenario. No public exploit identified at time of analysis; EPSS score of 0.08% (24th percentile) indicates low predicted exploitation probability despite high CVSS severity.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure +6
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS +7
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in macOS Shortcuts allows malicious shortcuts to circumvent sensitive app settings without user consent across macOS Ventura 13.x, Sonoma 14.x, and Sequoia 15.x prior to July 2025 security updates. Despite a critical CVSS 9.8 score suggesting network-based exploitation, the vulnerability actually requires local shortcut execution with no authentication (PR:N), making the CVSS vector potentially misaligned with the actual attack surface. No public exploit identified at time of analysis, with EPSS score of 0.08% (24th percentile) indicating low predicted exploitation probability. Apple fixed the issue by adding mandatory user consent prompts.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in macOS Sequoia 15.x, Sonoma 14.x, and Ventura 13.x allows local applications to gain root privileges through a permissions enforcement weakness. The vulnerability requires user interaction but no authentication, enabling malicious applications to achieve complete system compromise. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit identified at time of analysis, with EPSS score of 0.01% (2nd percentile) indicating minimal observed exploitation likelihood.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Sandbox escape and privilege escalation in macOS 13.7.x through 15.2.x allow local authenticated users to execute arbitrary code outside application sandboxes or gain elevated privileges via state management flaws. Apple patched this in macOS Ventura 13.7.7, Sonoma 14.7.7, and Sequoia 15.3. With EPSS at 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world risk remains low despite the high CVSS score, though local attackers with existing user-level access could leverage this for post-exploitation privilege escalation.

Apple macOS RCE +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

HTTP Basic Authentication credentials leak in Mozilla Firefox and Thunderbird via Content Security Policy (CSP) violation reports affects all versions prior to Firefox 141, Firefox ESR 128.13/140.1, and Thunderbird 141/128.13/140.1. When CSP violations occur on pages using HTTP Basic Auth, the browser incorrectly includes username:password in the violation report URL sent to the CSP report endpoint, exposing credentials to potentially untrusted third parties. With CVSS 9.8 and network-based unauthenticated attack vector (AV:N/AC:L/PR:N), this represents a critical credential disclosure vulnerability, though no public exploit or active exploitation (non-KEV) is confirmed at time of analysis.

Mozilla Privilege Escalation Thunderbird +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper access control in the Linksys E2500 wireless router (firmware 3.0.04.002) stems from its bundled vsftpd FTP service, where the reporter flags the chroot_local_user setting as enabling unauthorized reach into system files, privilege escalation, or lateral pivoting into the internal network. The E2500 is a discontinued consumer/SOHO router, and no public exploit identified at time of analysis; EPSS estimates only a 1.08% exploitation probability (61st percentile). Notably, the single reference is a third-party GitHub gist rather than a vendor advisory, and the technical claim is internally inconsistent (see risk assessment).

Authentication Bypass Privilege Escalation Linksys +1
NVD GitHub
EPSS 0% CVSS 3.9
LOW Monitor

Improper access control in Linksys EA6350 firmware 2.1.2 exposes the embedded vsftpd FTP service via a misconfigured chroot_local_user directive in a dynamically generated configuration file, allowing authenticated FTP users to traverse outside their intended jail and access sensitive system files. Affected users of this specific firmware version could face local privilege escalation or use of the device as a network pivot point for lateral movement into attached internal segments. No public exploit code has been confirmed, EPSS sits at 0.28% (20th percentile), and the device carries no CISA KEV listing, collectively suggesting limited real-world threat activity at this time.

Authentication Bypass Privilege Escalation Linksys +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation and unauthorized file access affects TOTOLINK A7100RU (V7.4), A950RG (V5.9), and T10 (V5.9) routers because their bundled vsftpd FTP server ships with the chroot_local_user option enabled in vsftpd.conf, an insecure default that can let a local FTP user reach system files and escalate on the device. On these consumer routers the FTP daemon runs with high privilege and weak isolation, so a foothold on the FTP service can be used to read sensitive files, gain elevated access, and pivot into the internal network. There is no CISA KEV listing and no public exploit identified at time of analysis; the only reference is a researcher gist, and EPSS is low at 0.34% (26th percentile).

Privilege Escalation Authentication Bypass A7100Ru Firmware +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Privilege escalation in Turpak Automatic Station Monitoring System versions prior to 5.0.6.51 allows authenticated remote attackers to bypass authorization controls by manipulating user-controlled keys (IDOR-style flaw). Authenticated low-privilege users can access or modify resources belonging to other accounts, including potentially higher-privileged ones. EPSS scores exploitation likelihood at 0.19% (41st percentile) and no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Privilege escalation in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) allows administrative users with the manage-users role to escalate privileges to realm-admin through improper privilege enforcement. When FGAPv2 is enabled, this vulnerability enables unauthorized elevation of administrative access rights, compromising the separation of administrative duties. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Build Of Keycloak Red Hat
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Unity Business Technology's E-Commerce ERP plugin (profitori) through version 2.1.1.3 allows attackers to gain elevated permissions due to incorrect privilege assignment. The vulnerability affects the WordPress plugin with EPSS exploitation probability at 0.09%, indicating low real-world exploitation likelihood despite the privilege escalation impact. No public exploit code or active exploitation (KEV status) has been confirmed.

Privilege Escalation
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary file deletion in HT Contact Form Widget For Elementor (WordPress plugin) allows unanetworks attackers to remove critical server files, enabling remote code execution. Affecting all versions through 2.2.1, the vulnerability stems from insufficient path validation in temp_file_delete(), permitting deletion of wp-config.php or other essential files. CVSS 9.1 (Critical) with network attack vector, low complexity, and no authentication required. Vendor patch available (changeset 3326887). No public exploit identified at time of analysis, though the attack path is straightforward for skilled adversaries.

WordPress Privilege Escalation RCE +3
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A privilege escalation vulnerability in One Identity Password Manager (CVSS 7.6). High severity vulnerability requiring prompt remediation.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Memory Corruption Privilege Escalation
NVD
EPSS 0% CVSS 7.0
HIGH This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Authentication Bypass Siemens RCE +1
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

CVE-2025-7012 is a local privilege escalation vulnerability in Cato Networks CatoClient for Linux versions prior to 5.5, stemming from improper symbolic link handling that allows an authenticated local attacker to escalate privileges to root. With a CVSS score of 8.6 and CWE-59 classification, this vulnerability presents a high-severity risk to Linux deployments; the attack requires local access and user interaction but delivers complete system compromise. Active exploitation status and proof-of-concept availability should be verified through CISA KEV database and exploit repositories.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Nokri - Job Board WordPress Theme contains a critical privilege escalation vulnerability (CVE-2025-1313) affecting all versions up to 1.6.3, where authenticated Subscriber-level users can change arbitrary user email addresses without proper identity validation. This allows attackers to reset administrator passwords and achieve complete account takeover, resulting in full WordPress site compromise. With a CVSS score of 8.8 and low attack complexity requiring only valid subscriber credentials, this vulnerability poses significant real-world risk to WordPress installations using this theme.

WordPress Privilege Escalation PHP +1
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

CVE-2025-5199 is a local privilege escalation vulnerability in Canonical Multipass up to version 1.15.1 on macOS, where incorrect default file permissions on a Launch Daemon allow an authenticated local attacker to modify files executed with administrative privileges during system startup. An attacker with local user access can escalate to root/administrator level through file manipulation, presenting a high-impact privilege escalation risk on affected macOS systems.

Apple Privilege Escalation Multipass +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

RCE Privilege Escalation Authentication Bypass +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.

Privilege Escalation Buffer Overflow Memory Corruption
NVD
EPSS 0% CVSS 8.2
HIGH This Week

CVE-2025-7027 is a security vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.

Privilege Escalation
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A privilege escalation vulnerability (CVSS 8.2) that allows a local attacker. High severity vulnerability requiring prompt remediation.

Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

CVE-2025-52983 is a critical authentication bypass vulnerability in Juniper Networks Junos OS on VM Host Routing Engines where public keys configured for root access are not properly validated, allowing users possessing the corresponding private key to gain unauthorized root-level access even after the public key has been administratively removed from the system. This network-accessible vulnerability affects multiple Junos OS release branches and requires high privileges to configure but enables complete system compromise once exploited. While the CVSS score of 7.2 reflects significant impact, the practical risk depends on KEV designation and active exploitation status.

Juniper Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A remote code execution vulnerability in line card script processing of Juniper Networks Junos OS allows a local (CVSS 7.3). High severity vulnerability requiring prompt remediation.

Juniper Privilege Escalation Junos
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-50124 is a privilege escalation vulnerability (CWE-269: Improper Privilege Management) affecting server systems with a CVSS score of 7.2. The vulnerability exists in a setup script that can be exploited when accessed by a privileged account via console, allowing attackers to escalate privileges and gain high-impact control over confidentiality, integrity, and availability. This is a physical/local attack vector requiring high privileges and significant effort, limiting widespread exploitation but representing critical risk in restricted access environments.

Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-50123 is a code injection vulnerability (CWE-94) in an unspecified server product that allows remote command execution when accessed via console by a privileged account through malicious hostname input. The vulnerability has a CVSS 4.0 score of 7.2 and requires physical access and high privileges, significantly limiting real-world exploitability despite the high impact potential. KEV status and EPSS scoring data are unavailable in provided intelligence, but the physical attack vector and high privilege requirement suggest this poses limited risk in typical network environments.

RCE Code Injection Privilege Escalation +1
NVD
EPSS 0% CVSS 8.9
HIGH This Week

CVE-2025-50122 is a cryptographic entropy vulnerability (CWE-331) in password generation algorithms that allows attackers with access to installation or upgrade artifacts to reverse engineer and discover root passwords. This affects products using insufficient entropy in their root password generation during deployment phases. With a CVSS score of 8.9 and network-adjacent attack vector, this poses a critical risk to systems deployed in environments where installation artifacts may be accessible or retained. The vulnerability requires moderate attack complexity but no user interaction, making it viable for targeted attacks against infrastructure during or shortly after deployment.

Information Disclosure Privilege Escalation
NVD
Prev Page 26 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy