Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-40459

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 May, 2025 | 00:00
Updated At-23 May, 2025 | 13:58
Rejected At-
Credits

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 May, 2025 | 00:00
Updated At:23 May, 2025 | 13:58
Rejected At:
▼CVE Numbering Authority (CNA)

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link
N/A
https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
N/A
Hyperlink: https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link
Resource: N/A
Hyperlink: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 May, 2025 | 19:15
Updated At:30 May, 2025 | 01:17

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ocuco
ocuco
>>innovation>>2.10.24.51
cpe:2.3:a:ocuco:innovation:2.10.24.51:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_linkcve@mitre.org
Permissions Required
https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.mdcve@mitre.org
Exploit
Hyperlink: https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
Source: cve@mitre.org
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

720Records found
CVE-2024-38014
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.83% / 94.13%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-28 Oct, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-01||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2019windows_11_21h2windows_server_2016Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows 10 Version 1809Windows 11 version 22H2Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-41974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.55%
||
7 Day CHG~0.00%
Published-29 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

Action-Not Available
Vendor-opensvcn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxmultipath-toolsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34459
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-19 Nov, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows AppContainer Elevation Of Privilege Vulnerability

Windows AppContainer Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34483
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.59%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-3990
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 18:52
Updated-28 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.

Action-Not Available
Vendor-HP Inc.
Product-hpsfviewerHPSFViewer
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-8539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.82%
||
7 Day CHG~0.00%
Published-08 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34461
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-7556
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.15%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 14:57
Updated-06 Aug, 2024 | 07:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

Action-Not Available
Vendor-delegateNational Institute of Advanced Industrial Science and Technology
Product-delegateDeleGate
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35761
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.73% / 86.14%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:56
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2019windows_10windows_11windows_server_2016Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-7334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.41%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-system_updaten/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-36833
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.90%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:20
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-gameoptimizingserviceandroidGame Optimizing Service
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35763
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.80% / 86.30%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:56
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35768
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.84% / 74.91%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:57
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2022windows_server_2019windows_10windows_11windows_server_2008windows_server_2012windows_8.1windows_server_2016windows_rt_8.1Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019Windows 11 version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2012Windows Server version 20H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 7Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 20H2Windows 10 Version 1607Windows 8.1
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35765
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.80% / 86.30%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:57
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-5617
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 01:05
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.

Action-Not Available
Vendor-skygroupSky Co., LTD.
Product-skysea_client_viewSKYSEA Client View
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-34703
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.27% / 84.85%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:53
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2022windows_10windows_server_2016windows_11Windows 10 Version 1809Windows 10 Version 21H1Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 10 Version 20H2Windows Server version 20H2Windows 10 Version 1507Windows 10 Version 1607Windows Server 2019Windows 11 version 21H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6024
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.57%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 18:17
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

Action-Not Available
Vendor-n/aCheck Point Software Technologies Ltd.
Product-smartconsoleCheck Point SmartConsole
CWE ID-CWE-114
Process Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-32900
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30695
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.12%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 17:19
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6652
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 15:58
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect privilege assignment allowing non-admin users to upload config files

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.

Action-Not Available
Vendor-eatonEaton
Product-intelligent_power_managerIntelligent Power manager (IPM)
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-52347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.10%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 00:00
Updated-07 May, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-48645
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-21 Apr, 2026 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-49157
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.84%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 18:42
Updated-09 Sep, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex One as a ServiceTrend Micro Apex One
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-47955
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 67.12%
||
7 Day CHG-0.18%
Published-10 Jun, 2025 | 17:02
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_11_24h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_server_2016windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1507windows_10_1809windows_10_1607windows_server_2012windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-24750
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.18%
||
7 Day CHG+0.10%
Published-10 Mar, 2022 | 00:00
Updated-23 Apr, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if winvnc needs to be started as a service.

Action-Not Available
Vendor-uvncultravnc
Product-ultravncUltraVNC
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-24931
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.9||HIGH
EPSS-0.01% / 3.51%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23455
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:36
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-4636
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 08:24
Updated-30 May, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user

Action-Not Available
Vendor-JCT
Product-Airpointer
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-43512
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSiOS and iPadOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-43320
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.02%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-0949
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.81%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3439
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:39
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)288_pro_g4_microtower_\(rom_family_ssid_843c\)proone_600_g4_21.5-inch_touch_all-in-one_business_pc290_g2_small_form_factor_\(rom_family_ssid_8768\)_firmwareelitebook_x360_1040_g7_firmwareelite_slice_g2_with_microsoft_teams_roomszbook_15_g4probook_450_g3prodesk_600_g5_small_form_factor_pczhan_66_pro_15_g2_firmwareproone_490_g3_\(rom_family_ssid_81b7\)zhan_86_pro_g1_microtower_pcelitedesk_800_g2_tower_pceliteone_1000_g1_23.8-in_touch_all-in-one_business_pcprobook_430_g7elitedesk_800_35w_g4_desktop_mini_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmwarez4_g4_workstation_\(core-x\)_firmwareelitebook_x360_1030_g7_firmwaredesktop_pro_g1_microtower_\(rom_family_ssid_843c\)_firmwareelitebook_840_g3elitebook_x360_1030_g4_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)zhan_66_pro_13_g2elitebook_folio_g1_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmwareprobook_430_g8probook_440_g8probook_x360_11_g4_education_edition_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemzbook_17_g3256_g4_firmwareelite_sliceproone_440_g3_\(rom_family_ssid_81b7\)z2_small_form_factor_g5240_g6probook_640_g3prodesk_400_g6_small_form_factor_pcelitedesk_800_g6_tower_pc200_g3_all-in-one_\(rom_family_ssid_8431\)prodesk_600_g5_desktop_mini_pc340s_g7_firmwareelitedesk_800_g4_tower_pcelitebook_1040_g3240_g4z2_mini_g5_firmwaredesktop_pro_g2_microtower_pc_firmwareprobook_640_g4_firmwarezbook_studio_g7_firmwaremt31_thin_client_firmwareprodesk_600_g2_microtower_pc290_g4_microtower_\(rom_family_ssid_8948\)_firmwareprobook_440_g3prodesk_600_g3_desktop_mini_pc_firmwarez240_tower_firmwaredesktop_pro_g3406_microtower_pc_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmwareelite_x2_1012_g1218_pro_g5_microtower_pcspectre_pro_13_g1_firmwareelite_x2_1012_g1_tabletmt31_thin_clientzbook_studio_x360_g5_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware260_g3_desktop_mini_pcprobook_450_g8_firmwareprobook_650_g7probook_430_g3280_pro_g3_microtower_pcelitedesk_880_g2_tower_pc_firmwareprodesk_400_g3_desktop_mini_pc_firmwareelitedesk_800_35w_g2_desktop_mini_pc_firmwaremp9_g2_retail_system_firmware340_g3elite_slice_g2_with_zoom_rooms_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)z2_mini_g3290_g2_small_form_factor_\(rom_family_ssid_86e9\)stream_11_pro_g4z2_tower_g4_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_800_g2_tower_pc_firmwareengage_flex_pro_retail_system_firmware346_g3_firmwareprodesk_400_g3_desktop_mini_pcengage_flex_pro-c_retail_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pc_firmwarezbook_15v_g5_mobile_workstationelitedesk_800_g4_small_form_factor_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-oneprobook_x360_11_g6_education_edition_firmwareprodesk_480_g4_microtower_pcelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5probook_430_g4prodesk_480_g7_pci_microtower_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)engage_gomobile_systemprobook_430_g7_firmwarezbook_14u_g4246_g6_firmware280_pro_g3_microtower_pc_firmwareeliteone_800_g2_23-inch_touch_all-in-one_pc280_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarez1_entry_tower_g5280_g3_small_form_factor_\(rom_family_ssid_843f\)_firmware290_g4_microtower_\(rom_family_ssid_877e\)probook_x360_11_g5_education_edition_firmwaredesktop_pro_g2_microtower_pcprodesk_480_g6_microtower_pc_firmwarez640_workstation_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc250_g5z2_tower_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc258_g6_firmwareelitedesk_800_g5_tower_pcprodesk_400_g4_desktop_mini_pc_firmware256_g4desktop_pro_g3_firmwareprodesk_600_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g6elitedesk_800_g6_desktop_mini_pc_firmwarez240_small_form_factorelite_dragonflyzhan_x_13_g2348_g5zhan_66_pro_14_g3eliteone_800_g6_24_all-in-one_pc260_g4_desktop_mini_pc_firmwareprodesk_680_g4_microtower_pc_\(with_pci_slot\)zbook_15u_g6zcentral_4rprobook_630_g8zbook_15_g3_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)_firmware200_g3_all-in-one_\(rom_family_ssid_8431\)_firmwaremt22_thin_client_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc280_g3_small_form_factor_\(rom_family_ssid_843f\)probook_450_g4engage_one_all-in-one_systemprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemeliteone_800_g3_23.8-inch_touch_all-in-one_pcengage_gomobile_system_firmwaremt21_thin_client_firmwareprobook_446_g3256_g5zhan_66_pro_g1_r_microtower_pc_firmwareprodesk_600_g4_small_form_factor_pcspectre_pro_x360_g2256_g5_firmwareprobook_640_g8_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)_firmware340_g5_firmwareprodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pc290_g2_small_form_factor_\(rom_family_ssid_86e9\)_firmwarestream_11_pro_g5elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms240_g7_firmwareelitebook_840_g3_firmware240_g4_firmware246_g4probook_430_g5_firmware346_g4290_g1_small_form_factor_\(rom_family_ssid_843f\)_firmwareelite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwarez240_small_form_factor_firmwareelite_slice_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3290_g3_\(rom_family_ssid_86e9\)_firmwarez2_tower_g5zbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcz2_small_form_factor_g4_firmwaremt20_thin_client_firmwareprodesk_600_g4_small_form_factor_pc_firmwareprodesk_400_g7_microtower_pc_firmwareprobook_x360_11_g5_education_editionz1_all-in-one_g3_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwaredesktop_pro_g2z840_workstation250_g6elitebook_x360_1040_g5_firmwareprodesk_680_g6_pci_microtower_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcelitebook_x360_1040_g6_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)_firmwareelite_slice_g2_with_intel_uniteproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware250_g5_firmwarezhan_66_pro_14_g4_firmwarezhan_66_pro_g1eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware348_g4probook_430_g3_firmwareelitedesk_800_65w_g2_desktop_mini_pc_firmwarezbook_fury_15_g7_firmwareprobook_440_g4288_pro_g3_microtower250_g4_firmwareprodesk_600_g3_small_form_factor_pc_firmwareelitebook_840_g6zbook_15_g5z238_microtower_firmwarezbook_studio_g4mt21_thin_clientprodesk_680_g3_microtower_pcelitebook_828_g3prodesk_680_g4_microtower_pc_firmwareelitedesk_800_35w_g4_desktop_mini_pczbook_15u_g3470_g7elitedesk_800_g5_desktop_mini_pcprodesk_680_g2_microtower_pc_firmwareelitebook_x360_1040_g7z238_microtowerprodesk_400_g4_desktop_mini_pcprodesk_600_g6_small_form_factor_pcstream_11_pro_g4_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareprobook_470_g4elitebook_848_g3zhan_66_pro_g3_24_all-in-one_pc_firmware250_g6_firmwareprodesk_600_g6_microtower_pceliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarez2_tower_g4probook_440_g4_firmware280_g4_small_form_factor_\(rom_family_ssid_86e9\)_firmwareprodesk_400_g5_desktop_mini_pcsprout_pro_by_g2240_g7elitebook_848_g3_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g4_microtower_pc_firmwareprodesk_600_g3_microtower_pc_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pcelitebook_x360_830_g6_firmwarezbook_create_g7proone_440_g4_23.8-inch_non-touch_all-in-one_business_pcproone_600_g6_22_all-in-one_pceliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcelitebook_840_g5_healthcare_editionelitedesk_800_g6_small_form_factor_pc_firmwareprodesk_400_g2_desktop_mini_pcelitedesk_800_g4_workstation_edition_firmwareelitedesk_800_g3_tower_pc_firmwarezhan_66_pro_g1_microtower_pc_firmwareprobook_470_g3zbook_14u_g6_firmwareprobook_x360_11_g3_education_editionprobook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3probook_x360_11_g2_education_edition_firmwareelitedesk_800_65w_g2_desktop_mini_pcprodesk_400_g5_small_form_factor_pc282_pro_g4_microtower_\(rom_family_ssid_843c\)proone_440_g3_\(rom_family_ssid_81b7\)_firmwareprodesk_600_g2_desktop_mini_pceliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmwareprobook_450_g7406_microtower_pcprodesk_600_g2_microtower_pc_firmwareelitebook_850_g3_firmwareprodesk_600_g6_pci_microtower_pcelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pcz2_mini_g4prodesk_680_g4_microtower_pc_\(with_pci_slot\)_firmwareprobook_650_g8_firmwareprobook_446_g3_firmwarezbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareelitedesk_800_g6_desktop_mini_pcdesktop_pro_microtower_pczhan_66_pro_15_g2280_g3_microtower_pc_firmwareelitedesk_800_g4_workstation_edition290_g1_small_form_factor_\(rom_family_ssid_843f\)proone_440_g5_23.8-in_all-in-one_business_pcelitebook_850_g4zhan_66_pro_g3_24_all-in-one_pc348_g3_firmwareelite_dragonfly_max205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwareelitedesk_800_g6_tower_pc_firmwareprodesk_600_g6_microtower_pc_firmware246_g7zbook_15_g6elitedesk_880_g6_tower_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elitebook_1040_g3_firmware280_g3_pci_microtower_pcelite_x2_1012_g2_firmwarezbook_15v_g5_mobile_workstation_firmwarerp9_g1_retail_systemprobook_650_g4elitebook_848_g4eliteone_800_g2_23-inch_non-touch_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_800_35w_g2_desktop_mini_pcprodesk_600_g5_small_form_factor_pc_firmware256_g7_firmware288_pro_g3_microtower_firmwareelitebook_1030_g1200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwarez1_entry_tower_g6_firmwareelitebook_840_g6_healthcare_edition_firmwarezbook_15u_g4_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmware340_g4_firmwareprobook_640_g7280_g5_microtower_\(rom_family_ssid_877e\)_firmwareprobook_450_g5_firmwaremt22_thin_clientz1_entry_tower_g6zbook_fury_17_g7340_g7_firmwarezbook_15u_g5258_g7elitedesk_800_65w_g3_desktop_mini_pcelitedesk_880_g2_tower_pceliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareengage_one_all-in-one_system_firmwareelite_x2_g4_firmwarezbook_15u_g3_firmwarezhan_66_pro_14_g3_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pcproone_400_g6_24_all-in-one_pc_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmware290_g4_microtower_\(rom_family_ssid_8948\)elitebook_830_g5prodesk_480_g5_microtower_pc_firmwaredesktop_pro_g2_firmwareelite_slice_for_meeting_roomsz240_tower280_g4_small_form_factor_\(rom_family_ssid_86e9\)mt20_thin_clientelitebook_folio_g1desktop_pro_300_g3zbook_17_g4proone_400_g2_20-inch_non-touch_all-in-one_pc_firmwaremp9_g4_retail_systemelitebook_840_g5_firmwarez2_small_form_factor_g5_firmwarezbook_14u_g6prodesk_400_g4_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwarezhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)_firmware250_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_1040_g4282_pro_g3_microtower_pcelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pc348_g3prodesk_400_g4_small_form_factor_pc_firmwareprobook_470_g4_firmwarerp9_g1_retail_system_firmwareprodesk_680_g6_pci_microtower_pc280_g4_microtower_\(rom_family_ssid_843c\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc_firmware348_g5_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)zhan_66_pro_15_g3_firmwareproone_600_g6_22_all-in-one_pc_firmware282_pro_g3_microtower_pc_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareelitebook_846_g5_firmwareprodesk_600_g3_microtower_pcelite_dragonfly_g2_firmware260_g4_desktop_mini_pcproone_400_g5_23.8-inch_all-in-one_business_pc246_g5256_g6_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)probook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)elitedesk_880_g3_tower_pczbook_fury_15_g7prodesk_680_g3_microtower_pc_firmwareprobook_650_g3200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)probook_640_g5_firmwareprobook_650_g2elitebook_x360_1040_g8prodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarez_vr_backpack_g1348_g7200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitebook_828_g4348_g7_firmwareprobook_650_g2_firmwarezbook_15_g3proone_600_g5_21.5-in_all-in-one_business_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)eliteone_1000_g2_34-in_curved_all-in-one_business_pcprobook_450_g7_firmwareprobook_650_g4_firmware240_g6_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)probook_640_g7_firmwarez2_mini_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_880_g6_tower_pcelitebook_x360_1030_g8zbook_create_g7_firmwareeliteone_800_g6_27_all-in-one_pcprodesk_600_g6_desktop_mini_pczbook_17_g6_firmwareelitedesk_800_g2_small_form_factor_pc_firmwarez_vr_backpack_g1_firmwareelitebook_840_g7zhan_66_pro_g1_microtower_pcz6_g4_workstationzbook_studio_g7elitebook_x360_1030_g2_firmware218_pro_g5_microtower_pc_firmware340_g4282_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarezhan_66_pro_14_g2elite_slice_g2_-_audio_ready_with_zoom_roomsz4_g4_workstation_\(xeon_w\)_firmwarepro_x2_612_g2z1_all-in-one_g3240_g5prodesk_400_g5_microtower_pcelitebook_850_g3prodesk_400_g5_microtower_pc_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareelitedesk_880_g4_tower_pcelitedesk_800_g4_small_form_factor_pc_firmwareprobook_640_g3_firmwarez2_mini_g3_firmwaret430_thin_client_firmwareprobook_430_g4_firmwareprodesk_400_g6_desktop_mini_pc_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemprobook_650_g3_firmwareprobook_470_g5258_g6elitedesk_880_g5_tower_pc_firmware240_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareelitebook_x360_1030_g2elitebook_830_g7elite_dragonfly_max_firmwarespectre_pro_x360_g2_firmwareprodesk_400_g4_microtower_pc_firmwarezbook_x2_g4_firmwareelite_slice_for_meeting_rooms_firmwareproone_490_g3_\(rom_family_ssid_82dc\)340_g7z6_g4_workstation_firmwareprodesk_600_g4_desktop_mini_pc280_g4_small_form_factor_\(rom_family_ssid_8768\)290_g3_\(rom_family_ssid_86e9\)prodesk_600_g5_desktop_mini_pc_firmwareprobook_650_g5prodesk_600_g5_microtower_pcelitebook_x360_1020_g2_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pcz8_g4_workstation_firmwareeliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareprobook_440_g7eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc260_g2_desktop_mini340_g5proone_600_g2_21.5-inch_touch_all-in-one_pc_firmwareprobook_640_g8elitebook_830_g5_firmwareprodesk_680_g4_microtower_pc282_pro_g6_microtower_\(rom_family_ssid_8948\)346_g3mp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmware280_g3_pci_microtower_pc_firmwareelitedesk_800_g5_small_form_factor_pc_firmwareproone_400_g5_23.8-inch_all-in-one_business_pc_firmwareprobook_640_g2elitebook_850_g6_firmwaremp9_g2_retail_systemprobook_440_g3_firmware346_g4_firmwareelitebook_846_g5zbook_firefly_15_g7_firmwareprobook_440_g6282_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareproone_490_g3_\(rom_family_ssid_81b7\)_firmwaredesktop_pro_300_g3_firmware340_g3_firmwareelitedesk_800_g3_tower_pczbook_studio_x360_g5elitebook_x360_830_g7_firmwareproone_400_g6_20_all-in-one_pc205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmwarezhan_66_pro_g1_r_microtower_pcelitebook_840_g4_firmware250_g4probook_450_g8zbook_17_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pczbook_firefly_14_g7probook_640_g5zbook_17_g5_firmwareelitebook_850_g5246_g7_firmwareprodesk_600_g6_pci_microtower_pc_firmware200_g3_all-in-one_\(rom_family_ssid_84de\)_firmwareelitebook_840_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareeliteone_800_g6_27_all-in-one_pc_firmwareelitebook_850_g7zbook_15_g6_firmwareprodesk_400_g7_small_form_factor_pc_firmwareelitebook_840_g5_healthcare_edition_firmwareprobook_x360_11_g3_education_edition_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmwarezbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmware260_g2_desktop_mini_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcelite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmwareproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareproone_400_g6_24_all-in-one_pcz640_workstation280_g3_microtower_pcproone_480_g3_20-inch_non-touch_all-in_one_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelite_dragonfly_firmwareelitebook_840_g4stream_11_pro_g5_firmwarez4_g4_workstation_\(core-x\)zhan_66_pro_14_g2_firmwareelitebook_820_g3_firmwarezbook_15_g5_firmware290_g2_microtower_\(rom_family_ssid_843c\)_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5elite_slice_g2_with_intel_unite_firmwaret638_thin_client_firmwarez840_workstation_firmwareelitebook_840r_g4_firmwareprodesk_600_g3_small_form_factor_pcprobook_x360_11_g6_education_editioneliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pct638_thin_client280_pro_g4_microtower_\(rom_family_ssid_843c\)256_g7elitedesk_880_g4_tower_pc_firmwareprodesk_600_g2_small_form_factor_pc_firmwareelitedesk_800_g5_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware246_g6elitebook_x360_1030_g7290_g1_microtower_pczhan_x_13_g2_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware246_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_pcz8_g4_workstationelite_x2_1013_g3200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)desktop_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g4_firmwareprobook_430_g6elitedesk_800_g2_small_form_factor_pcprodesk_400_g6_microtower_pc_firmwareelite_slice_g2_with_microsoft_teams_rooms_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_g6_small_form_factor_pcprobook_470_g3_firmwareprobook_450_g4_firmwareelitebook_850_g6470_g7_firmware290_g4_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_35w_g3_desktop_mini_pcprodesk_480_g6_microtower_pc280_g5_microtower_\(rom_family_ssid_877e\)probook_640_g2_firmwarezbook_fury_17_g7_firmwareelitebook_820_g4_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5290_g1_microtower_pc_firmware290_g2_small_form_factor_\(rom_family_ssid_8768\)probook_x360_11_g2_education_editionproone_440_g6_24_all-in-one_pc_firmwareproone_440_g3_\(rom_family_ssid_82dc\)_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pcelitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g2_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareproone_600_g2_21.5-inch_touch_all-in-one_pcprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarez4_g4_workstation_\(xeon_w\)z440_workstationz1_entry_tower_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)prodesk_600_g2_desktop_mini_pc_firmwareelitebook_850_g5_firmwareprobook_440_g7_firmwaresprout_pro_by_g2_firmwareelitebook_1040_g4_firmware250_g7zbook_14u_g5_firmware258_g7_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_g5_tower_pc_firmware288_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwareelite_x2_1012_g1_tablet_firmwareelitebook_x360_830_g6probook_450_g3_firmwareprobook_440_g5_firmwarezbook_17_g3_firmwareelitebook_830_g6elitebook_820_g3zcentral_4r_firmware340s_g7probook_650_g5_firmwareprobook_450_g6z2_small_form_factor_g4zbook_power_g7prodesk_400_g6_desktop_mini_pcprobook_440_g6_firmwareelitebook_828_g3_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_850_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwarez2_mini_g5elitebook_x360_1030_g8_firmwareprobook_11_g2_education_editionzbook_x2_g4zbook_firefly_14_g7_firmwareprodesk_480_g7_pci_microtower_pc_firmwareprodesk_600_g6_desktop_mini_pc_firmware280_g4_microtower_\(rom_family_ssid_843c\)proone_400_g6_20_all-in-one_pc_firmwareprodesk_400_g7_small_form_factor_pcspectre_pro_13_g1elitebook_830_g7_firmwareprobook_470_g5_firmwareelitebook_840_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc200_g3_all-in-one_\(rom_family_ssid_84de\)256_g6260_g3_desktop_mini_pc_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware280_g4_small_form_factor_\(rom_family_ssid_8768\)_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelite_slice_g2_-_audio_ready_with_zoom_rooms_firmwarez440_workstation_firmware290_g2_microtower_\(rom_family_ssid_843c\)elitedesk_800_g5_small_form_factor_pcproone_440_g6_24_all-in-one_pcprodesk_600_g2_small_form_factor_pczhan_86_pro_g1_microtower_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_440_g8_firmwareelitebook_840_g6_healthcare_editioneliteone_800_g6_24_all-in-one_pc_firmwarezbook_17_g4_firmwareprodesk_400_g7_microtower_pct430_thin_clientdesktop_pro_g3_microtower_firmware246_g4_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareprobook_11_g2_education_edition_firmwareelite_slice_g2_with_zoom_roomsproone_440_g3_\(rom_family_ssid_82dc\)elitebook_x360_1020_g2elitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwareprobook_430_g8_firmwareprodesk_680_g2_microtower_pcdesktop_pro_microtower_pc_firmwarezbook_15u_g4proone_400_g2_20-inch_non-touch_all-in-one_pc348_g4_firmwaredesktop_pro_g3_microtowerelite_x2_1012_g1_firmwareproone_490_g3_\(rom_family_ssid_82dc\)_firmwareprobook_x360_11_g4_education_editionprobook_430_g5HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-36631
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.4||HIGH
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 14:34
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-37186
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.68%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 20:16
Updated-02 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-Virtual Intranet Access (VIA)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33187
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 2.87%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-26 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33188
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_osdgx_sparkDGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20114
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 19:58
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-3224
Matching Score-4
Assigner-Docker Inc.
ShareView Details
Matching Score-4
Assigner-Docker Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 10.64%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 19:21
Updated-10 May, 2025 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

Action-Not Available
Vendor-Docker, Inc.
Product-desktopDocker Desktop
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-29976
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 72.66%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-13 Feb, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-36500
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 07:19
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-34741
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.36% / 58.61%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-17 Dec, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2024-34743
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.05%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-17 Dec, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2024-34332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.62%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.

Action-Not Available
Vendor-n/asisoftware
Product-n/asandra
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33656
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.31%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:16
Updated-12 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Leak in SmmComuptrace Module

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms

Action-Not Available
Vendor-AMI
Product-aptio_vAptioVaptio_v
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32906
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:01
Updated-08 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid_kernel
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-41975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.77%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 17:20
Updated-20 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.

Action-Not Available
Vendor-realvncn/aMicrosoft Corporation
Product-windowsvnc_viewervnc_servern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34488
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.64%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Console Driver Elevation of Privilege Vulnerability

Windows Console Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34514
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.27%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32849
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.34%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:17
Updated-30 Jul, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-maximum_security_2022windowsmaximum_security_2023Trend Micro Maximum Security (Consumer)maximum_security
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:09
Updated-17 Dec, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • Next
Details not found