
CVE-2025-11622
https://notcve.org/view.php?id=CVE-2025-11622
13 Oct 2025 — Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-9968
https://notcve.org/view.php?id=CVE-2025-9968
13 Oct 2025 — This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. • https://www.asus.com/security-advisory • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-23282
https://notcve.org/view.php?id=CVE-2025-23282
10 Oct 2025 — NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-23282 • CWE-415: Double Free •

CVE-2025-11462 – Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client
https://notcve.org/view.php?id=CVE-2025-11462
07 Oct 2025 — Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. ... On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. • https://aws.amazon.com/security/security-bulletins/AWS-2025-020 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-50505
https://notcve.org/view.php?id=CVE-2025-50505
07 Oct 2025 — Clash Verge Rev through 2.2.3 forces the installation of system services (clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters that are passed directly to the service process for execution, resulting in local privilege escalation. • https://github.com/bron1e/CVE-2025-50505 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-36356 – IBM Security Verify Access privilege escalation
https://notcve.org/view.php?id=CVE-2025-36356
06 Oct 2025 — IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required. • https://www.ibm.com/support/pages/node/7247215 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-61197
https://notcve.org/view.php?id=CVE-2025-61197
06 Oct 2025 — An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges because the application stores user privilege/role information in client-side browser storage. • https://github.com/giulioschiavone/Vulnerability-Research/tree/main/CVE-2025-61197 • CWE-602: Client-Side Enforcement of Server-Side Security •

CVE-2025-10751 – MacForge 1.2.0 Beta 1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-10751
04 Oct 2025 — MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects MacForge: 1.2.0 Beta 1. • https://fluidattacks.com/advisories/m83 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-27237 – DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration
https://notcve.org/view.php?id=CVE-2025-27237
03 Oct 2025 — In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. • https://support.zabbix.com/browse/ZBX-27061 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-10578 – HP Support Assistant - Potential Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-10578
01 Oct 2025 — The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. • https://support.hp.com/us-en/document/ish_13048717-13048785-16/hpsbgn04053 • CWE-269: Improper Privilege Management •