CVSS: 10.0EPSS: %CPEs: 2EXPL: 2CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24477
https://notcve.org/view.php?id=CVE-2025-24477
15 Jul 2025 — A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command • https://fortiguard.fortinet.com/psirt/FG-IR-25-026 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-53024 – Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53024
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-53027 – Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53027
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2025-53028 – Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53028
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27582
https://notcve.org/view.php?id=CVE-2025-27582
14 Jul 2025 — The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. ... From this dialog, the attacker can exploit standard Windows functionality - such as the Print to PDF or Add Printer wizard - to spawn a command prompt with SYSTEM privileges. Successful exploitation allows a local attacker (with access to a locked workstation) to gain SYSTEM-level privileges, granting full control over the affected device. • https://www.cyberis.com/article/password-manager-privilege-escalation • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7012 – Cato Networks Linux Client Local Privilege Escalation via Symlink
https://notcve.org/view.php?id=CVE-2025-7012
13 Jul 2025 — An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling. • https://support.catonetworks.com/hc/en-us/articles/28552501717405-CVE-2025-7012-Linux-Client-Local-Privilege-Escalation-via-Symbolic-Link-Handling • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5199 – LPE on Multipass for macOS
https://notcve.org/view.php?id=CVE-2025-5199
11 Jul 2025 — In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. • https://github.com/canonical/multipass/pull/4115 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30025
https://notcve.org/view.php?id=CVE-2025-30025
11 Jul 2025 — The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. • https://www.axis.com/dam/public/40/0e/03/cve-2025-30025pdf-en-US-485736.pdf • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2790 – G DATA Total Security GDTunerSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2790
11 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •