privilege escalation

Microsoft’s security tracker has recorded CVE‑2025‑64658, a newly assigned elevation‑of‑privilege vulnerability tied to Windows File Explorer / the Windows Shell; the public details describe a race condition (CWE‑362) in the Shell that can allow an authorized local user to escalate privileges...

Microsoft’s public vulnerability record for CVE-2025-62470 confirms a new high‑impact elevation‑of‑privilege flaw in the Windows Common Log File System (CLFS) driver that, according to vendor metadata and multiple independent trackers, is a heap‑based buffer‑overflow allowing a local, authorized...

A newly cataloged Windows kernel vulnerability, tracked as CVE-2025-62458, is a heap-based buffer overflow in the Win32k graphics subsystem (GRFX) that allows an authenticated local user to escalate privileges to higher system levels; Microsoft’s Security Update Guide lists the entry for the CVE...

An out‑of‑bounds read in the Windows Cloud Files Mini Filter Driver (cldflt.sys) can be abused to escalate privileges locally, and administrators should treat the resulting CVE — reported under CVE-2025-62457 by Microsoft — as a high‑priority patching item for any systems that expose or use...

Microsoft has recorded CVE-2025-62466, a Windows Client‑Side Caching (CSC, aka Offline Files) elevation‑of‑privilege vulnerability that the vendor lists in its Security Update Guide and which public CVE aggregators are currently scoring as High (CVSS v3.1 = 7.8); the entry describes a null...

OpenPrinting’s CUPS received a security update on November 27–29, 2025 after a stack-based out‑of‑bounds write (CWE‑124 / CWE‑129) was found in the cupsd configuration parser that lets a local lpadmin user inject a malicious IPv6 fragment into cupsd.conf through the web UI — an input‑validation...

Microsoft’s advisory tracker lists CVE-2025-62207 as an Elevation of Privilege vulnerability affecting Azure Monitor components, but public technical details are currently limited and the vendor entry does not disclose an exploit proof‑of‑concept; defenders should treat this as an urgent signal...

Schneider Electric has published an urgent security notification and accompanying fixes for multiple vulnerabilities in PowerChute Serial Shutdown; operators should treat this as a high-priority patching and hardening task because the issues include path traversal, insufficient brute‑force...

Microsoft has confirmed a dangerous Remote Desktop vulnerability — tracked as CVE-2025-60703 — that can be exploited by a local, low‑privilege user to escalate to SYSTEM‑level privileges on affected Windows hosts, and Microsoft has already distributed mitigations in the November 2025 security...

Windows 11’s November cumulative (reported as KB5068861 in press coverage) marks one of the more consequential Patch Tuesday rollouts of the year: a staged feature delivery that flips on a redesigned Start UI for more users, introduces colourful taskbar battery icons with an optional percentage...

Microsoft has published an advisory for CVE-2025-59505: a local Elevation of Privilege (EoP) in the Windows Smart Card subsystem that Microsoft classifies as a double‑free (CWE‑415) memory‑corruption bug; community trackers assign a CVSS v3.1 base score of 7.8 (High) and report vendor-supplied...

Microsoft has recorded CVE-2025-59507 — an elevation‑of‑privilege (EoP) vulnerability in the Windows Speech runtime — and published an update that vendors and administrators should treat as a high‑priority local remediation item. This flaw, described as a race condition (concurrent execution...

Microsoft has published a security update for CVE-2025-60719, an untrusted pointer dereference in the Windows Ancillary Function Driver for WinSock (afd.sys) that can be abused by a local, authenticated attacker to gain elevated privileges; administrators should treat this as a high-priority...

Microsoft has published an advisory for CVE-2025-60705, an elevation of privilege (EoP) flaw in the Windows Client‑Side Caching (CSC) / Offline Files subsystem that — according to vendor metadata and multiple independent trackers — allows a locally authorized user with low privileges to escalate...

Microsoft released a security update addressing CVE-2025-62215 — a Windows kernel race-condition that can allow a local, authenticated attacker to escalate privileges to SYSTEM — and administrators must treat this as a high-priority local escalation risk, verify patch deployment across affected...

Microsoft has recorded CVE-2025-62213 as a use‑after‑free elevation‑of‑privilege in the Windows Ancillary Function Driver for WinSock (afd.sys), a kernel‑mode networking component, and administrators are urged to apply the vendor's security update immediately to close a local post‑compromise...

An attacker who successfully exploits CVE-2025-59499 can inherit the privileges of the process that runs the vulnerable query — in other words, exploitation can grant whatever SQL Server-level or OS-level rights the targeted process holds; if the vulnerable query executes under a principal that...

A newly recorded kernel vulnerability tied to the Windows Transport Driver Interface (TDI) translation component — tracked as CVE‑2025‑60720 — has been classified as a high‑severity local elevation‑of‑privilege issue affecting multiple Windows client and server SKUs; vendors and independent...

Microsoft has published a security advisory for CVE-2025-60718, a high-severity elevation-of-privilege (EoP) vulnerability in the new Windows Administrator Protection elevation model that can let an authenticated local attacker gain administrator-equivalent rights through an untrusted search...

Microsoft’s Security Response Center has added CVE‑2025‑60716 to its November Patch Tuesday advisories: a use‑after‑free flaw in the DirectX Graphics Kernel that allows an authenticated local attacker to elevate privileges to SYSTEM if they win a race condition, and Microsoft rates the issue as...