
CVE-2025-25011 – Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer
https://notcve.org/view.php?id=CVE-2025-25011
30 Jul 2025 — An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. ... An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. • https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558 • CWE-427: Uncontrolled Search Path Element

CVE-2025-0712 – APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer
https://notcve.org/view.php?id=CVE-2025-0712
30 Jul 2025 — An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. ... An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. • https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558 • CWE-427: Uncontrolled Search Path Element

CVE-2025-43255 – Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-43255
29 Jul 2025 — This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel.

CVE-2025-54569
https://notcve.org/view.php?id=CVE-2025-54569
28 Jul 2025 — In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. • https://www.malwarebytes.com/secure/cves/cve-2025-54569 • CWE-863: Incorrect Authorization

CVE-2024-13975 – Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse
https://notcve.org/view.php?id=CVE-2024-13975
25 Jul 2025 — A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. • https://documentation.commvault.com/securityadvisories/CV_2024_09_1.html • CWE-269: Improper Privilege Management

CVE-2024-48729
https://notcve.org/view.php?id=CVE-2024-48729
25 Jul 2025 — An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component. • http://open.com • CWE-269: Improper Privilege Management

CVE-2024-48730
https://notcve.org/view.php?id=CVE-2024-48730
25 Jul 2025 — An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any restrictions on the authentication attempts performed by an admin user. • http://open.com • CWE-269: Improper Privilege Management

CVE-2025-26397 – SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-26397
24 Jul 2025 — SolarWinds Observability Self-Hosted is susceptible to a Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. ... This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds TFTP Server. ... An attacker can leverage this vulnerability to escalate

CVE-2025-6685 – ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6685
24 Jul 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.

CVE-2025-8069 – Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
https://notcve.org/view.php?id=CVE-2025-8069
23 Jul 2025 — During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. ... This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://aws.amazon.com/security/security-bulletins/AWS-2025-014 • CWE-276: Incorrect Default Permissions