
CVE-2025-1732
https://notcve.org/view.php?id=CVE-2025-1732
22 Apr 2025 — An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-incorrect-permission-assignment-and-improper-privilege-management-vulnerabilities-in-usg-flex-h-series-firewalls-04-22-2025 • CWE-269: Improper Privilege Management •

CVE-2025-43922
https://notcve.org/view.php?id=CVE-2025-43922
21 Apr 2025 — The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM. • https://kb.filewave.com/books/downloads/page/filewave-version-1603 • CWE-863: Incorrect Authorization •

CVE-2025-43917
https://notcve.org/view.php?id=CVE-2025-43917
19 Apr 2025 — In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. • https://forum.pritunl.com/t/pritunl-client-v1-3-4220-57/3183 • CWE-863: Incorrect Authorization •

CVE-2025-24914 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-24914
18 Apr 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-05 • CWE-276: Incorrect Default Permissions •

CVE-2025-1697 – HP Touchpoint Analytics Service – Potential Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-1697
18 Apr 2025 — This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. • https://support.hp.com/us-en/document/ish_12269975-12269997-16/hpsbgn04008 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-28237
https://notcve.org/view.php?id=CVE-2025-28237
18 Apr 2025 — An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28237 • CWE-269: Improper Privilege Management •

CVE-2025-43715
https://notcve.org/view.php?id=CVE-2025-43715
17 Apr 2025 — Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. • https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2025-2073
https://notcve.org/view.php?id=CVE-2025-2073
16 Apr 2025 — Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19 on all devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands. • https://issues.chromium.org/issues/b/380043638 • CWE-125: Out-of-bounds Read •

CVE-2025-25230 – Omnissa Horizon Client for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-25230
16 Apr 2025 — Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges. • https://static.omnissa.com/sites/default/files/OMSA-2025-0001.pdf • CWE-269: Improper Privilege Management •

CVE-2025-32438 – Local privilege escalation in make-initrd-ng
https://notcve.org/view.php?id=CVE-2025-32438
15 Apr 2025 — Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. • https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •