CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1865 – Local Privilege Escalation in Virtual CloneDrive Kernel Driver
https://notcve.org/view.php?id=CVE-2025-1865
04 Apr 2025 — The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM. El controlador del kernel, accesible para usuarios con pocos privilegios, expone una función que no valida correctamente los privilegios del proceso que lo llama. Esto permite la creación de archivos en ubicaciones arbitrarias con contro... • https://www.elby.ch/de/products/vcd.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29504
https://notcve.org/view.php?id=CVE-2025-29504
03 Apr 2025 — Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. • https://gitee.com/huang-yk/student-manage/issues/IBQ14H • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29570
https://notcve.org/view.php?id=CVE-2025-29570
03 Apr 2025 — ., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. • https://github.com/IOTRes/IOT_Firmware_Update/blob/main/firmwareupdate.md •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31285
https://notcve.org/view.php?id=CVE-2025-31285
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31284
https://notcve.org/view.php?id=CVE-2025-31284
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31283
https://notcve.org/view.php?id=CVE-2025-31283
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31282
https://notcve.org/view.php?id=CVE-2025-31282
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22231 – VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
https://notcve.org/view.php?id=CVE-2025-22231
01 Apr 2025 — VMware Aria Operations contains a local privilege escalation vulnerability. ... VMware Aria Operations contains a local privilege escalation vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541 • CWE-269: Improper Privilege Management •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0416 – Valmet DNA Local privilege escalation through insecure DCOM configuration
https://notcve.org/view.php?id=CVE-2025-0416
01 Apr 2025 — Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. ... Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. • https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29033
https://notcve.org/view.php?id=CVE-2025-29033
01 Apr 2025 — An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php? • https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect • CWE-269: Improper Privilege Management •