CVE & Exploit Intelligence Database

CVE-2025-20048 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Aug 12, 2025

CVE-2025-20017 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Aug 12, 2025

CVE-2025-30033 7.8 HIGH EPSS 0.00

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CWE-427 Aug 12, 2025

CVE-2025-53395 7.7 HIGH EPSS 0.00

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs because of untrusted DLL search path behavior in ReflectMonitor.exe.

CWE-427 Aug 04, 2025

CVE-2025-53394 7.7 HIGH EPSS 0.00

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and proceeds to mount it, Reflect launches the renamed executable (e.g., explorer.exe), which is under attacker control. This occurs because of insufficient validation of companion files referenced during backup mounting.

CWE-427 Aug 04, 2025

CVE-2025-25011 7.0 HIGH EPSS 0.00

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

CWE-427 Jul 30, 2025

CVE-2025-0712 7.0 HIGH EPSS 0.00

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.

CWE-427 Jul 30, 2025

CVE-2025-7676 EPSS 0.00

DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.

CWE-427 Jul 28, 2025

CVE-2024-13976 EPSS 0.00

A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15.

CWE-427 Jul 25, 2025

CVE-2025-7427 5.9 MEDIUM EPSS 0.00

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.

CWE-427 Jul 22, 2025

CVE-2025-1729 6.7 MEDIUM EPSS 0.00

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.

CWE-427 Jul 17, 2025

CVE-2025-1700 7.0 HIGH EPSS 0.00

A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.

CWE-427 Jul 17, 2025

CVE-2025-7472 7.5 HIGH EPSS 0.00

A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.

CWE-427 Jul 17, 2025

CVE-2025-34109 2 PoCs Analysis EPSS 0.03

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

CWE-427 Jul 15, 2025

CVE-2025-48496 5.1 MEDIUM EPSS 0.00

Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CWE-427 Jul 11, 2025

CVE-2025-36004 8.8 HIGH EPSS 0.00

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

CWE-427 Jun 25, 2025

CVE-2025-49144 7.3 HIGH 10 PoCs Analysis EPSS 0.00

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

CWE-276 Jun 23, 2025

CVE-2025-4981 9.9 CRITICAL 1 PoC Analysis EPSS 0.01

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.

CWE-427 Jun 20, 2025

CVE-2024-24916 6.5 MEDIUM EPSS 0.00

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).

CWE-427 Jun 19, 2025

CVE-2025-5981 6.5 MEDIUM 1 Writeup EPSS 0.00

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

CWE-22 Jun 18, 2025