CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-22231 – VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
https://notcve.org/view.php?id=CVE-2025-22231
01 Apr 2025 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541 • CWE-269: Improper Privilege Management •
CVSS: 8.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-0416 – Valmet DNA Local privilege escalation through insecure DCOM configuration
https://notcve.org/view.php?id=CVE-2025-0416
01 Apr 2025 — Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. • https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-22937
https://notcve.org/view.php?id=CVE-2025-22937
31 Mar 2025 — An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-22939
https://notcve.org/view.php?id=CVE-2025-22939
31 Mar 2025 — A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-22941
https://notcve.org/view.php?id=CVE-2025-22941
31 Mar 2025 — A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2782 – WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2782
28 Mar 2025 — This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2781 – WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2781
28 Mar 2025 — This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2713 – Improper File Permission Handling in Google gVisor runsc
https://notcve.org/view.php?id=CVE-2025-2713
28 Mar 2025 — Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. • https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •