CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13972
https://notcve.org/view.php?id=CVE-2024-13972
17 Jul 2025 — A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7472
https://notcve.org/view.php?id=CVE-2025-7472
17 Jul 2025 — A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53024 – Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53024
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53027 – Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53027
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53028 – Oracle VirtualBox VMSVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53028
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27582
https://notcve.org/view.php?id=CVE-2025-27582
14 Jul 2025 — The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. ... Successful exploitation allows a local attacker (with access to a locked workstation) to gain SYSTEM-level privileges, granting full control over the affected device. • https://www.cyberis.com/article/password-manager-privilege-escalation • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7012 – Cato Networks Linux Client Local Privilege Escalation via Symlink
https://notcve.org/view.php?id=CVE-2025-7012
13 Jul 2025 — An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling. • https://support.catonetworks.com/hc/en-us/articles/28552501717405-CVE-2025-7012-Linux-Client-Local-Privilege-Escalation-via-Symbolic-Link-Handling • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5199 – LPE on Multipass for macOS
https://notcve.org/view.php?id=CVE-2025-5199
11 Jul 2025 — In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. • https://github.com/canonical/multipass/pull/4115 • CWE-276: Incorrect Default Permissions •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30661 – Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation
https://notcve.org/view.php?id=CVE-2025-30661
11 Jul 2025 — An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-2p66-9j7x-fmch • CWE-732: Incorrect Permission Assignment for Critical Resource •