CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1865 – Local Privilege Escalation in Virtual CloneDrive Kernel Driver
https://notcve.org/view.php?id=CVE-2025-1865
04 Apr 2025 — This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM. • https://www.elby.ch/de/products/vcd.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29504
https://notcve.org/view.php?id=CVE-2025-29504
03 Apr 2025 — Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. La vulnerabilidad de permiso inseguro en student-manage 1 permite a un atacante local escalar privilegios a través de la verificación de permiso inseguro. • https://gitee.com/huang-yk/student-manage/issues/IBQ14H • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29570
https://notcve.org/view.php?id=CVE-2025-29570
03 Apr 2025 — ., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. Un problema en Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 permite que un atacante local escale privilegios a través de la función tftp_image_check de un binario llamado rc. • https://github.com/IOTRes/IOT_Firmware_Update/blob/main/firmwareupdate.md • CWE-276: Incorrect Default Permissions •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31285
https://notcve.org/view.php?id=CVE-2025-31285
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31284
https://notcve.org/view.php?id=CVE-2025-31284
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31283
https://notcve.org/view.php?id=CVE-2025-31283
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31282
https://notcve.org/view.php?id=CVE-2025-31282
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22231 – VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
https://notcve.org/view.php?id=CVE-2025-22231
01 Apr 2025 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541 • CWE-269: Improper Privilege Management •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0416 – Valmet DNA Local privilege escalation through insecure DCOM configuration
https://notcve.org/view.php?id=CVE-2025-0416
01 Apr 2025 — Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. Th... • https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29033
https://notcve.org/view.php?id=CVE-2025-29033
01 Apr 2025 — An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php? • https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect • CWE-269: Improper Privilege Management •