Skip to main content

Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted. The attack exploits the gap between what the system thinks a user can do and what they actually can do through manipulation or exploitation.

Vertical escalation is the classic form—a regular user obtaining administrator rights. This happens through kernel exploits that bypass OS-level security, misconfigurations in role-based access control (RBAC) that fail to enforce boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation involves accessing resources belonging to users at the same privilege level, typically through insecure direct object references (IDOR) where changing an ID in a request grants access to another user's data.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might access administrative URLs directly without going through proper authentication flows, manipulate parameters to bypass permission checks, or exploit REST API endpoints that don't validate method permissions—like a read-only GET permission that can be leveraged for write operations through protocol upgrades or alternative endpoints.

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.

Windows Print Spooler vulnerabilities (PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers loaded malicious DLLs through carefully crafted print jobs, escalating from low-privilege user accounts to full domain administrator access.

Cloud metadata services have been exploited where SSRF vulnerabilities combined with over-permissioned IAM roles allowed attackers to retrieve temporary credentials with elevated permissions, pivoting from compromised web applications to broader cloud infrastructure access.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources

Recent CVEs (13302)

EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated attackers can escalate privileges in WordPress installations using the Membership Plugin - Restrict Content (versions up to 3.2.20) by registering with arbitrary membership levels, including inactive levels or those granting administrator access, due to insufficient validation of the rcp_level parameter. This allows attackers to bypass payment requirements and gain unauthorized administrative roles without authentication. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Authentication Bypass
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).

Privilege Escalation
NVD
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in LMS Elementor Pro WordPress plugin.

Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices contains a security vulnerability (CVSS 7.1).

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Privilege escalation in Amelia booking plugin through version 1.2.38 allows high-privileged users to gain unauthorized elevated access due to improper privilege assignment. An authenticated attacker with administrative credentials can exploit this vulnerability to compromise system integrity and confidentiality. No patch is currently available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).

Privilege Escalation RCE Ups Multi Ups Management Console
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...

XSS Privilege Escalation Blog Application
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]

Privilege Escalation Openshift Container Platform Enterprise Linux +1
NVD
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]

Privilege Escalation Erase Install
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.

PHP Privilege Escalation Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8).

Privilege Escalation Dell
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]

Privilege Escalation Authentication Bypass Tranzman
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.

Privilege Escalation Ntfs For Mac
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. While not currently listed in CISA KEV, the vulnerability has a moderate EPSS score of 0.043% and affects a widely-used Windows installer creation tool.

Privilege Escalation Inno Setup
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation in User Registration & Membership WordPress plugin.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.

Use After Free Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Path Traversal Android +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.4).

Privilege Escalation Information Disclosure Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Nbiot Sdk
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.

Privilege Escalation Nr17 Lr13 +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.

Privilege Escalation Openwrt Software Development Kit
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges needed (CVSS 7.8).

Privilege Escalation Nbiot Sdk
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.

Laravel Privilege Escalation Statamic
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
Prev Page 14 of 148 Next

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
13302

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy