CVSS: 8.4EPSS: %CPEs: 4EXPL: 0CVE-2025-25269 – Local Privilege Escalation via Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2025-25269
08 Jul 2025 — An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2025-24006 – Privilege Escalation via Insecure SSH Permissions
https://notcve.org/view.php?id=CVE-2025-24006
08 Jul 2025 — A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2025-24005 – Local Privilege Escalation via Vulnerable SSH Script
https://notcve.org/view.php?id=CVE-2025-24005
08 Jul 2025 — A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-20684
https://notcve.org/view.php?id=CVE-2025-20684
08 Jul 2025 — This could lead to local escalation of privilege with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-20683
https://notcve.org/view.php?id=CVE-2025-20683
08 Jul 2025 — This could lead to local escalation of privilege with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-20682
https://notcve.org/view.php?id=CVE-2025-20682
08 Jul 2025 — This could lead to local escalation of privilege with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: %CPEs: -EXPL: 0CVE-2025-20681
https://notcve.org/view.php?id=CVE-2025-20681
08 Jul 2025 — This could lead to local escalation of privilege with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-20680
https://notcve.org/view.php?id=CVE-2025-20680
08 Jul 2025 — This could lead to local escalation of privilege with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: %CPEs: -EXPL: 0CVE-2025-6812 – Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6812
07 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2025-34078 – NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
https://notcve.org/view.php?id=CVE-2025-34078
02 Jul 2025 — A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. ... This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/nscp_pe.rb • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •