
CVE-2025-29504
https://notcve.org/view.php?id=CVE-2025-29504
03 Apr 2025 — Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. • https://gitee.com/huang-yk/student-manage/issues/IBQ14H • CWE-276: Incorrect Default Permissions •

CVE-2025-29570
https://notcve.org/view.php?id=CVE-2025-29570
03 Apr 2025 — An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. • https://github.com/IOTRes/IOT_Firmware_Update/blob/main/firmwareupdate.md • CWE-276: Incorrect Default Permissions •

CVE-2025-31285
https://notcve.org/view.php?id=CVE-2025-31285
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31284
https://notcve.org/view.php?id=CVE-2025-31284
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31283
https://notcve.org/view.php?id=CVE-2025-31283
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31282
https://notcve.org/view.php?id=CVE-2025-31282
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-21938 – mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
https://notcve.org/view.php?id=CVE-2025-21938
01 Apr 2025 — Fix by skipping the replacement of an existing implicit local address if called via mptcp_pm_nl_get_local_id. ... Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/d045b9eb95a9b611c483897a69e7285aefdc66d7 •

CVE-2025-21920 – vlan: enforce underlying device type
https://notcve.org/view.php?id=CVE-2025-21920
01 Apr 2025 — This behaviour can be reproduced using the following commands: ip tunnel add gretest mode ip6gre local ::1 remote ::2 dev lo; ip l set up dev gretest; ip link add link gretest name vlantest type vlan id 100. Then, the following command will display the address of garp_pdu_rcv: ip maddr show | grep 01:80:c2:00:00:21. Fix the bug by enforcing the type of the underlying device during VLAN device initialization. • https://git.kernel.org/stable/c/22bedad3ce112d5ca1eaf043d4990fa2ed698c87 •

CVE-2025-22231 – VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
https://notcve.org/view.php?id=CVE-2025-22231
01 Apr 2025 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541 • CWE-269: Improper Privilege Management •

CVE-2025-0416 – Valmet DNA Local privilege escalation through insecure DCOM configuration
https://notcve.org/view.php?id=CVE-2025-0416
01 Apr 2025 — Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. Th... • https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416 • CWE-269: Improper Privilege Management •