CVSS: 10.0EPSS: %CPEs: 2EXPL: 2CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: %CPEs: 4EXPL: 2CVE-2025-34109 – Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-34109
15 Jul 2025 — PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2). • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.2EPSS: %CPEs: -EXPL: 0CVE-2025-53024 – Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53024
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: %CPEs: -EXPL: 0CVE-2025-53027 – Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53027
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: %CPEs: -EXPL: 0CVE-2025-53028 – Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53028
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27582
https://notcve.org/view.php?id=CVE-2025-27582
14 Jul 2025 — The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. ... Successful exploitation allows a local attacker (with access to a locked workstation) to gain SYSTEM-level privileges, granting full control over the affected device. • https://www.cyberis.com/article/password-manager-privilege-escalation • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7012 – Cato Networks Linux Client Local Privilege Escalation via Symlink
https://notcve.org/view.php?id=CVE-2025-7012
13 Jul 2025 — An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling. • https://support.catonetworks.com/hc/en-us/articles/28552501717405-CVE-2025-7012-Linux-Client-Local-Privilege-Escalation-via-Symbolic-Link-Handling • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5199 – LPE on Multipass for macOS
https://notcve.org/view.php?id=CVE-2025-5199
11 Jul 2025 — In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. • https://github.com/canonical/multipass/pull/4115 • CWE-276: Incorrect Default Permissions •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7026 – SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0
https://notcve.org/view.php?id=CVE-2025-7026
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., '$DB$' or '2DB$'), the function performs arbitrary writes to System Management RAM (SMRAM), leading to potential privilege escalation to System Management Mode (SMM) and persistent firmware compromise. • https://kb.cert.org/vuls/id/746790 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7027 – SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1
https://notcve.org/view.php?id=CVE-2025-7027
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. ... This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise. • https://kb.cert.org/vuls/id/746790 •