CVE Archive

CVE ID	Name	Publish Date	References
CVE-2025-0117	GlobalProtect App: Local Privilege Escalation (PE) Vulnerability	GlobalProtect App Palo Alto Networks	GlobalProtect App Palo Alto Networks
CVE-2025-0120	GlobalProtect App: Local Privilege Escalation (PE) Vulnerability	GlobalProtect App Palo Alto Networks	GlobalProtect App Palo Alto Networks
CVE-2025-0131	GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK	2025-05-14T18:06:45.870Z	MetaDefender Endpoint Security SDK OPSWAT
CVE-2025-0139	Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability	2025-07-09T22:57:56.688Z	Autonomous Digital Experience Manager Palo Alto Networks
CVE-2025-0141	GlobalProtect App: Privilege Escalation (PE) Vulnerability	GlobalProtect App Palo Alto Networks	GlobalProtect App Palo Alto Networks
CVE-2025-0177	Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup	2025-03-08T08:22:57.176Z	Javo Core javothemes
CVE-2025-0180	WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation	2025-02-11T06:54:33.911Z	WP Foodbakery Chimpstudio
CVE-2025-0217	Privileged Remote Access Authentication Bypass	2025-05-05T17:00:05.244Z	Privileged Remote Access BeyondTrust
CVE-2025-0309	Netskope Client Local Elevation of Privileges	2025-08-14T04:35:15.287Z	Netskope Client Netskope
CVE-2025-0320	Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges	2025-06-17T13:25:22.351Z	Secure Access Client for Windows Citrix
CVE-2025-0374	Unprivileged access to system files	2025-01-30T04:49:07.687Z	FreeBSD FreeBSD
CVE-2025-0413	Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability	2025-02-04T23:09:18.874Z	Desktop Parallels
CVE-2025-0416	Valmet DNA Local privilege escalation through insecure DCOM configuration	2025-04-01T04:05:14.236Z	Valmet DNA Valmet
CVE-2025-0425	Local Privilege Escalation via Config Manipulation	2025-02-18T07:57:35.329Z	bestinformed Infoclient Cordaware
CVE-2025-0505	On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state	2025-05-08T18:37:13.981Z	CloudVision Portal Arista Networks
CVE-2025-0542	G DATA Management Server Local privilege escalation	2025-01-25T16:15:09.526Z	G DATA Management Server G DATA CyberDefense AG
CVE-2025-0543	G DATA Security Client Local privilege escalation	2025-01-25T16:17:46.634Z	G DATA Security Client G DATA CyberDefense AG
CVE-2025-0676	Commend Injection Leading to Privilege Escalation	EDR-810 Series Moxa	EDF-G1002-BP Series Moxa
CVE-2025-0712	APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer	2025-07-30T00:12:43.639Z	APM Server Elastic
CVE-2025-0834	Wondershare Dr.Fone Privilege Scalation Vulnerability	2025-01-30T09:02:48.133Z	Dr.Fone Wondershare
CVE-2025-0867	Privilege Escalation in MEAC300	2025-02-14T12:37:09.250Z	SICK MEAC300 SICK AG
CVE-2025-0884	Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager.	2025-03-12T15:24:31.859Z	Service Manager OpenText™
CVE-2025-0889	Privilege Management for Windows – Elevation of Privilege	2025-02-26T01:41:25.407Z	Privilege Management for Windows BeyondTrust
CVE-2025-10016	Local Privilege Escalation in Sparkle Autoupdate Daemon	2025-09-16T10:03:28.701Z	Sparkle Sparkle Project
CVE-2025-10023	A user with elevated privileges can inject XSS in the Services Meta-services configuration page	2025-10-27T15:07:21.621Z	Infra Monitoring Centreon
CVE-2025-10038	Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation	2025-10-15T08:25:57.132Z	Binary MLM Plan letscms
CVE-2025-10199	A local privilege escalation vulnerability exists in LizardBytes' Sunshine for Windows	2025-09-09T17:30:19.958Z	Sunshine for Windows LizardByte
CVE-2025-10231	N-central Incorrect Default Permissions could lead to Privilege Escalation	2025-09-10T13:34:41.906Z	N-central N-able
CVE-2025-10293	Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	2025-10-15T08:25:50.156Z	Keyy Two Factor Authentication (like Clef) nexist
CVE-2025-10299	WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	2025-10-15T08:25:55.167Z	WPBifröst – Instant Passwordless Temporary Login Links hakik
CVE-2025-10541	Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM	2025-09-25T14:31:32.644Z	iMonitor EAM iMonitor Software Inc.
CVE-2025-10576	Sound Research SECOMNService Escalation of Privilege	2025-10-15T16:53:56.658Z	Sound Research HP, Inc.
CVE-2025-10577	Sound Research SECOMNService Escalation of Privilege	2025-10-15T16:56:44.939Z	Sound Research HP, Inc.
CVE-2025-10578	HP Support Assistant - Potential Escalation of Privilege	2025-10-01T18:44:49.949Z	HP Support Assistant HP Inc.
CVE-2025-10725	Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin	Red Hat OpenShift AI 2.19 Red Hat	Red Hat OpenShift AI 2.16 Red Hat
CVE-2025-10751	MacForge 1.2.0 Beta 1 - Local Privilege Escalation	2025-10-04T00:37:58.200Z	MacForge MacEnhance
CVE-2025-11007	CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update	2025-11-04T03:26:45.901Z	CE21 Suite ce21com
CVE-2025-11008	CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation	2025-11-04T03:26:46.726Z	CE21 Suite ce21com
CVE-2025-11086	Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon	2025-10-22T11:25:18.300Z	Academy LMS Pro academylms
CVE-2025-11093	Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)	WSO2 API Manager WSO2	WSO2 Micro Integrator WSO2
CVE-2025-11462	Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client	2025-10-07T19:44:25.608Z	Client VPN AWS
CVE-2025-11522	Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover	2025-10-09T07:23:51.749Z	Search & Go - Directory WordPress Theme Elated-Themes
CVE-2025-11533	WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation	2025-10-11T07:25:56.458Z	WP Freeio ApusTheme
CVE-2025-11561	Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems	Red Hat Enterprise Linux 8 Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat
CVE-2025-11709	Out of bounds read/write in a privileged process triggered by WebGL textures	Firefox ESR Mozilla	Firefox Mozilla
CVE-2025-11749	AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation	2025-11-05T05:31:25.156Z	AI Engine tigroumeow
CVE-2025-11906	Privilege escalation via writable configuration files in Progress Flowmon	2025-10-30T07:39:38.530Z	Flowmon Progress Software
CVE-2025-12095	Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval	2025-10-25T05:31:23.467Z	Simple Registration for WooCommerce astoundify
CVE-2025-12158	Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	2025-11-04T04:27:22.881Z	Simple User Capabilities tanvirahmed1984
CVE-2025-12424	Privilege Escalation through SUID-bit Binary	BLU-IC4 Azure Access Technology	BLU-IC2 Azure Access Technology

CVE ID

Name

Publish Date

References

CVE-2025-0117

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

GlobalProtect App Palo Alto Networks

CVE-2025-0120

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

GlobalProtect App Palo Alto Networks

CVE-2025-0131

GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

2025-05-14T18:06:45.870Z

MetaDefender Endpoint Security SDK OPSWAT

CVE-2025-0139

Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability

2025-07-09T22:57:56.688Z

Autonomous Digital Experience Manager Palo Alto Networks

CVE-2025-0141

GlobalProtect App: Privilege Escalation (PE) Vulnerability

GlobalProtect App Palo Alto Networks

CVE-2025-0177

Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup

2025-03-08T08:22:57.176Z

Javo Core javothemes

CVE-2025-0180

WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation

2025-02-11T06:54:33.911Z

WP Foodbakery Chimpstudio

CVE-2025-0217

Privileged Remote Access Authentication Bypass

2025-05-05T17:00:05.244Z

Privileged Remote Access BeyondTrust

CVE-2025-0309

Netskope Client Local Elevation of Privileges

2025-08-14T04:35:15.287Z

Netskope Client Netskope

CVE-2025-0320

Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

2025-06-17T13:25:22.351Z

Secure Access Client for Windows Citrix

CVE-2025-0374

Unprivileged access to system files

2025-01-30T04:49:07.687Z

FreeBSD FreeBSD

CVE-2025-0413

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability

2025-02-04T23:09:18.874Z

Desktop Parallels

CVE-2025-0416

Valmet DNA Local privilege escalation through insecure DCOM configuration

2025-04-01T04:05:14.236Z

Valmet DNA Valmet

CVE-2025-0425

Local Privilege Escalation via Config Manipulation

2025-02-18T07:57:35.329Z

bestinformed Infoclient Cordaware

CVE-2025-0505

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state

2025-05-08T18:37:13.981Z

CloudVision Portal Arista Networks

CVE-2025-0542

G DATA Management Server Local privilege escalation

2025-01-25T16:15:09.526Z

G DATA Management Server G DATA CyberDefense AG

CVE-2025-0543

G DATA Security Client Local privilege escalation

2025-01-25T16:17:46.634Z

G DATA Security Client G DATA CyberDefense AG

CVE-2025-0676

Commend Injection Leading to Privilege Escalation

EDR-810 Series Moxa

EDF-G1002-BP Series Moxa

CVE-2025-0712

APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer

2025-07-30T00:12:43.639Z

APM Server Elastic

CVE-2025-0834

Wondershare Dr.Fone Privilege Scalation Vulnerability

2025-01-30T09:02:48.133Z

Dr.Fone Wondershare

CVE-2025-0867

Privilege Escalation in MEAC300

2025-02-14T12:37:09.250Z

SICK MEAC300 SICK AG

CVE-2025-0884

Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager.

2025-03-12T15:24:31.859Z

Service Manager OpenText™

CVE-2025-0889

Privilege Management for Windows – Elevation of Privilege

2025-02-26T01:41:25.407Z

Privilege Management for Windows BeyondTrust

CVE-2025-10016

Local Privilege Escalation in Sparkle Autoupdate Daemon

2025-09-16T10:03:28.701Z

Sparkle Sparkle Project

CVE-2025-10023

A user with elevated privileges can inject XSS in the Services Meta-services configuration page

2025-10-27T15:07:21.621Z

Infra Monitoring Centreon

CVE-2025-10038

Binary MLM Plan <= 3.0 - Unauthenticated Limited Privilege Escalation

2025-10-15T08:25:57.132Z

Binary MLM Plan letscms

CVE-2025-10199

A local privilege escalation vulnerability exists in LizardBytes' Sunshine for Windows

2025-09-09T17:30:19.958Z

Sunshine for Windows LizardByte

CVE-2025-10231

N-central Incorrect Default Permissions could lead to Privilege Escalation

2025-09-10T13:34:41.906Z

N-central N-able

CVE-2025-10293

Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

2025-10-15T08:25:50.156Z

Keyy Two Factor Authentication (like Clef) nexist

CVE-2025-10299

WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

2025-10-15T08:25:55.167Z

WPBifröst – Instant Passwordless Temporary Login Links hakik

CVE-2025-10541

Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM

2025-09-25T14:31:32.644Z

iMonitor EAM iMonitor Software Inc.

CVE-2025-10576

Sound Research SECOMNService Escalation of Privilege

2025-10-15T16:53:56.658Z

Sound Research HP, Inc.

CVE-2025-10577

Sound Research SECOMNService Escalation of Privilege

2025-10-15T16:56:44.939Z

Sound Research HP, Inc.

CVE-2025-10578

HP Support Assistant - Potential Escalation of Privilege

2025-10-01T18:44:49.949Z

HP Support Assistant HP Inc.

CVE-2025-10725

Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin

Red Hat OpenShift AI 2.19 Red Hat

Red Hat OpenShift AI 2.16 Red Hat

CVE-2025-10751

MacForge 1.2.0 Beta 1 - Local Privilege Escalation

2025-10-04T00:37:58.200Z

MacForge MacEnhance

CVE-2025-11007

CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update

2025-11-04T03:26:45.901Z

CE21 Suite ce21com

CVE-2025-11008

CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

2025-11-04T03:26:46.726Z

CE21 Suite ce21com

CVE-2025-11086

Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

2025-10-22T11:25:18.300Z

Academy LMS Pro academylms

CVE-2025-11093

Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)

WSO2 API Manager WSO2

WSO2 Micro Integrator WSO2

CVE-2025-11462

Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client

2025-10-07T19:44:25.608Z

Client VPN AWS

CVE-2025-11522

Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover

2025-10-09T07:23:51.749Z

Search & Go - Directory WordPress Theme Elated-Themes

CVE-2025-11533

WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation

2025-10-11T07:25:56.458Z

WP Freeio ApusTheme

CVE-2025-11561

Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems

Red Hat Enterprise Linux 8 Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat

CVE-2025-11709

Out of bounds read/write in a privileged process triggered by WebGL textures

Firefox ESR Mozilla

Firefox Mozilla

CVE-2025-11749

AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

2025-11-05T05:31:25.156Z

AI Engine tigroumeow

CVE-2025-11906

Privilege escalation via writable configuration files in Progress Flowmon

2025-10-30T07:39:38.530Z

Flowmon Progress Software

CVE-2025-12095

Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval

2025-10-25T05:31:23.467Z

Simple Registration for WooCommerce astoundify

CVE-2025-12158

Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

2025-11-04T04:27:22.881Z

Simple User Capabilities tanvirahmed1984

CVE-2025-12424

Privilege Escalation through SUID-bit Binary

BLU-IC4 Azure Access Technology

BLU-IC2 Azure Access Technology

CVE year by year statistics.

CVE year statistics by common vulnerability domain.