Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.

Severity rating
Date
Vendor
Vulnerable systems
High7
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

PT-2025-99: Deserialization of untrusted data in FreeScout

Vendor:FreeScoutVulnerable product:FreeScoutBDU ID:BDU:2025-13048Publication date:24 December 2025Fixed on:19 July 2025
High7
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

PT-2025-98: Deserialization of untrusted data in FreeScout

Vendor:FreeScoutVulnerable product:FreeScoutBDU ID:BDU:2025-13047Publication date:24 December 2025Fixed on:19 July 2025
High7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

PT-2025-97: Deserialization of untrusted data in FreeScout

Vendor:FreeScoutVulnerable product:FreeScoutBDU ID:BDU:2025-13046Publication date:24 December 2025Fixed on:19 July 2025
High8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-96: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout

Vendor:FreeScoutVulnerable product:FreeScoutCVE ID:CVE-2025-58163BDU ID:BDU:2025-13045Publication date:24 December 2025Fixed on:19 July 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-95: Local Privilege Escalation (LPE) in Red Shield VPN

Vendor:Private Network Labs LLCVulnerable product:Red Shield VPNBDU ID:BDU:2025-04874Publication date:9 December 2025Fixed on:19 April 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-94: Local Privilege Escalation in Pritunl

Vendor:Pritunl, IncVulnerable product:PritunlCVE ID:CVE-2025-43917BDU ID:BDU:2025-08463Publication date:9 December 2025Fixed on:3 April 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-93: Local Privilege Escalation in RemotePC

Vendor:IDrive Inc.Vulnerable product:RemotePCBDU ID:BDU:2025-08845Publication date:9 December 2025Fixed on:30 July 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-92: Local Privilege Escalation in IDrive

Vendor:IDrive Inc.Vulnerable product:IDriveBDU ID:BDU:2025-08844Publication date:9 December 2025Fixed on:2 September 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-91: Local Privilege Escalation in Mullvad VPN

Vendor:Amagicom ABVulnerable product:Mullvad VPNCVE ID:CVE-2025-46351BDU ID:BDU:2025-04871Publication date:9 December 2025Fixed on:24 June 2025
High7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-90: Local Privilege Escalation in SyncBackTouch

Vendor:2BrightSparks Pte.Vulnerable product:SyncBackTouchCVE ID:CVE-2025-56528BDU ID:BDU:2025-08848Publication date:9 December 2025Fixed on:14 July 2025
  • ...

Thinking about the best way to protect your company?

Contact us.

During the consultation we'll propose a solution precisely tailored to your organization.

 

General questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.