CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-66269 – Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM
https://notcve.org/view.php?id=CVE-2025-66269
26 Nov 2025 — This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directories proceeding that of which the real service executables live in • https://www.megatec.com.tw/software-download • CWE-428: Unquoted Search Path or Element •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-66266 – Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-66266
26 Nov 2025 — A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; starting and stopping the service to immediately achieve code execution and privilege escalation • https://www.megatec.com.tw/software-download • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-66265 – Insecure permissions in configuration directory (C:\\usr)
https://notcve.org/view.php?id=CVE-2025-66265
26 Nov 2025 — This allows attackers to replace configuration files (such as snmp.conf) or hijack DLLs to escalate privileges. • https://www.megatec.com.tw/software-download • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-66264 – Unquoted Service path in UPSilon2000V6.0 SYSTEM privilege service
https://notcve.org/view.php?id=CVE-2025-66264
26 Nov 2025 — This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation. • https://www.megatec.com.tw/software-download • CWE-428: Unquoted Search Path or Element •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59373 – ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-59373
25 Nov 2025 — A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. ... • https://www.asus.com/content/security-advisory • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-64064
https://notcve.org/view.php?id=CVE-2025-64064
25 Nov 2025 — Because of weak access controls any low level user can use this API and change their permission to Administrator by using PP_SECURITY_PROFILE_ID=2 inside body of request and escalate privileges. • https://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64064.md • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-64066
https://notcve.org/view.php?id=CVE-2025-64066
25 Nov 2025 — The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user accounts in the application's local database. ... This vector can also be chained with other vulnerabilities for privilege escalation and complete compromise of application. • https://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64066.md • CWE-284: Improper Access Control •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-0007
https://notcve.org/view.php?id=CVE-2025-0007
24 Nov 2025 — Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html • CWE-710: Improper Adherence to Coding Standards •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-11921 – iStat Menus 7.10.4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-11921
24 Nov 2025 — iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4. • https://bjango.com/mac/istatmenus • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 3CVE-2025-34334 – AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
https://notcve.org/view.php?id=CVE-2025-34334
19 Nov 2025 — In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation. ... • https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-authenticated-command-injection-via-testfax-and-lpe • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •