CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-20661
https://notcve.org/view.php?id=CVE-2025-20661
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20660
https://notcve.org/view.php?id=CVE-2025-20660
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-20658
https://notcve.org/view.php?id=CVE-2025-20658
07 Apr 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20657
https://notcve.org/view.php?id=CVE-2025-20657
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20656
https://notcve.org/view.php?id=CVE-2025-20656
07 Apr 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-28400
https://notcve.org/view.php?id=CVE-2025-28400
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-28401
https://notcve.org/view.php?id=CVE-2025-28401
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter • https://github.com/yangzongzhuan/RuoYi • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28402
https://notcve.org/view.php?id=CVE-2025-28402
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-28403
https://notcve.org/view.php?id=CVE-2025-28403
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28405
https://notcve.org/view.php?id=CVE-2025-28405
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md • CWE-284: Improper Access Control •