
CVE-2025-1729
https://notcve.org/view.php?id=CVE-2025-1729
17 Jul 2025 — A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-189489 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-1700
https://notcve.org/view.php?id=CVE-2025-1700
17 Jul 2025 — A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. • https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVE-2025-0886
https://notcve.org/view.php?id=CVE-2025-0886
17 Jul 2025 — An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-182738 • CWE-276: Incorrect Default Permissions •

CVE-2025-7433
https://notcve.org/view.php?id=CVE-2025-7433
17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •

CVE-2024-13972
https://notcve.org/view.php?id=CVE-2024-13972
17 Jul 2025 — A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-276: Incorrect Default Permissions •

CVE-2025-7472
https://notcve.org/view.php?id=CVE-2025-7472
17 Jul 2025 — A local privilege escalation vulnerability in the Intercept X for Windows installer prior to version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-427: Uncontrolled Search Path Element •

CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-266: Incorrect Privilege Assignment • CWE-306: Missing Authentication for Critical Function •

CVE-2025-24477
https://notcve.org/view.php?id=CVE-2025-24477
15 Jul 2025 — A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command. • https://fortiguard.fortinet.com/psirt/FG-IR-25-026 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-53024 – Oracle VirtualBox VMSVGA Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53024
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •

CVE-2025-53027 – Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-53027
15 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •