CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24006 – Privilege Escalation via Insecure SSH Permissions
https://notcve.org/view.php?id=CVE-2025-24006
08 Jul 2025 — A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24005 – Local Privilege Escalation via Vulnerable SSH Script
https://notcve.org/view.php?id=CVE-2025-24005
08 Jul 2025 — A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-47422
https://notcve.org/view.php?id=CVE-2025-47422
08 Jul 2025 — Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. • https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52521 – Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52521
08 Jul 2025 — Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-18876 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52837 – Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-52837
08 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/TMKA-12946 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49727 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49727
08 Jul 2025 — Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49727 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49732 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49732
08 Jul 2025 — Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49732 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-49742 – Windows Graphics Component Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49742
08 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-47993 – Microsoft PC Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-47993
08 Jul 2025 — Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47993 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-48820 – Windows AppX Deployment Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-48820
08 Jul 2025 — Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48820 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •