CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Apr 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-8035 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Apr 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

23 Apr 2025 — NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators. • https://brics.cit.nih.gov • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component. This vulnerability allows local attackers to escalate privileges on affected installations of Cato Networks Cato Client for macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.catonetworks.com/hc/en-us/articles/26903049677597-Security-Vulnerability-CVE-2025-3886-that-Impacts-macOS-Client-Versions-Lower-than-5-8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2025 — An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025 • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Apr 2025 — The USG FLEX H Series with the operating system Zyxel uOS version 1.31 suffers from a local privilege escalation vulnerability via the setuid binary fermion-wrapper. • https://packetstorm.news/files/id/190622 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Apr 2025 — The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. • https://kb.filewave.com/books/downloads/page/filewave-version-1603 • CWE-863: Incorrect Authorization •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Apr 2025 — In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. • https://forum.pritunl.com/t/pritunl-client-v1-3-4220-57/3183 • CWE-863: Incorrect Authorization •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Apr 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914 When installing Nessus in a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not apply secure permissions to subdirectories. • https://www.tenable.com/security/tns-2025-05 • CWE-276: Incorrect Default Permissions •