CVSS: 6.3EPSS: %CPEs: 1EXPL: 0CVE-2025-2782 – WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2782
28 Mar 2025 — The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005 • CWE-276: Incorrect Default Permissions •
CVSS: 6.3EPSS: %CPEs: 1EXPL: 0CVE-2025-2781 – WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2781
28 Mar 2025 — The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-2713 – Improper File Permission Handling in Google gVisor runsc
https://notcve.org/view.php?id=CVE-2025-2713
28 Mar 2025 — Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. • https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30407
https://notcve.org/view.php?id=CVE-2025-30407
26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25535
https://notcve.org/view.php?id=CVE-2025-25535
26 Mar 2025 — HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. • https://github.com/simalamuel/Research/tree/main/CVE-2025-25535 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2762 – CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2762
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2768 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2768
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2769 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2769
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8774 – Privilege Escalation in SIMPLE.ERP
https://notcve.org/view.php?id=CVE-2024-8774
24 Mar 2025 — The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. • https://cert.pl/en/posts/2025/03/CVE-2024-8773 • CWE-257: Storing Passwords in a Recoverable Format •