
CVE-2025-25269 – Local Privilege Escalation via Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2025-25269
08 Jul 2025 — An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-24006 – Privilege Escalation via Insecure SSH Permissions
https://notcve.org/view.php?id=CVE-2025-24006
08 Jul 2025 — A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-269: Improper Privilege Management •

CVE-2025-24005 – Local Privilege Escalation via Vulnerable SSH Script
https://notcve.org/view.php?id=CVE-2025-24005
08 Jul 2025 — A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-20: Improper Input Validation •

CVE-2025-1351 – IBM Storage Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2025-1351
07 Jul 2025 — IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function. • https://www.ibm.com/support/pages/node/7237157 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2025-6812 – Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6812
07 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVE-2025-34078 – NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
https://notcve.org/view.php?id=CVE-2025-34078
02 Jul 2025 — A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/nscp_pe.rb • CWE-269: Improper Privilege Management • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-36630 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36630
01 Jul 2025 — In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. • https://www.tenable.com/security/tns-2025-13 • CWE-269: Improper Privilege Management •

CVE-2025-32462 – sudo: LPE via host option
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). ... However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. ... Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly... • https://github.com/CryingN/CVE-2025-32462 • CWE-863: Incorrect Authorization •

CVE-2025-24290
https://notcve.org/view.php?id=CVE-2025-24290
29 Jun 2025 — Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. • https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-28906 – Command injection in networking service
https://notcve.org/view.php?id=CVE-2023-28906
28 Jun 2025 — A command injection in the networking service of the MIB3 infotainment allows an attacker already present in the system to escalate privileges and obtain administrative access to the system. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •