Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.

Severity rating
Date
Vendor
Vulnerable systems
High 7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-36: Local Privilege Escalation (LPE) in Amnezia VPN

Vendor: Amnezia
Vulnerable product: Amnezia VPN
BDU ID: BDU:2025-04867
Publication date: 17 September 2025
Fixed on: 12 April 2025

High 7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-35: Local Privilege Escalation (LPE) in Tunnelblick

Vendor: Tunnelblick
Vulnerable product: Tunnelblick
CVE ID: CVE-2025-43711
BDU ID: BDU:2025-04879
Publication date: 17 September 2025
Fixed on: 22 April 2025

Critical 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

PT-2025-34: Privilege escalation from host to domain admin in FreeIPA

Vendor: Red Hat
Vulnerable product: FreeIPA
CVE ID: CVE-2025-4404
BDU ID: BDU:2025-04863
Publication date: 17 September 2025
Fixed on: 16 June 2025

High 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-33: Security restriction bypass in macOS Shortcuts

Vendor: Apple Inc
Vulnerable product: Shortcuts
BDU ID: BDU:2025-02497
Publication date: 17 September 2025
Fixed on: 12 May 2025

High 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

PT-2025-32: Authentication bypass in NetScaler ADC

Vendor: Cloud Software Group, Inc.
Vulnerable product: NetScaler ADC
CVE ID: CVE-2025-5349
BDU ID: BDU:2025-09318
Publication date: 17 September 2025
Fixed on: 17 June 2025

High 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

PT-2025-31: Local Privilege Escalation (LPE) via Virtual Hard Disk (VHDX) in Microsoft Windows

Vendor: Microsoft Corporation
CVE ID: CVE-2025-49689
BDU ID: BDU:2025-08306
Publication date: 16 September 2025
Fixed on: 8 July 2025

High 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PT-2025-30: NULL pointer dereference in Windows Ancillary Function Driver for WinSock

Vendor: Microsoft Corporation
CVE ID: CVE-2025-53141
BDU ID: BDU:2025-04861
Publication date: 10 September 2025
Fixed on: 12 August 2025

High 7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-21: Local Privilege Escalation in Microsoft OneDrive

Vendor: Microsoft Corporation
Vulnerable product: OneDrive
BDU ID: BDU:2025-08829
Publication date: 10 September 2025
Detected on: 28 March 2025

Medium 5.4
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-20: Local Privilege Escalation in Cloudflare WARP

Vendor: Cloudflare
Vulnerable product: WARP
BDU ID: BDU:2025-08817
Publication date: 10 September 2025
Detected on: 14 March 2025

High 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:H

PT-2025-19: Stack-based buffer overflow in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

Vendor: Broadcom
Vulnerable product: Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family
CVE ID: CVE-2025-56547
BDU ID: BDU:2025-01825
Publication date: 14 July 2025
Fixed on: 10 April 2025