CVE-2025-12744: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Vulnerability Description

CVE-2025-12744 is an OS Command Injection vulnerability in the Automatic Bug Reporting Tool (ABRT) daemon.

Technical Details

The ABRT daemon copies up to 12 characters from untrusted user-supplied input and inserts them directly, without validation, into the shell command template docker inspect %s (the copied characters replace the %s placeholder). An unprivileged local user can therefore craft input containing shell metacharacters, and the ABRT process, which runs as root, executes the resulting attacker-controlled command. The outcome is privilege escalation to full root. The vulnerability requires local access but no user interaction. CVSS 3.1: 8.8 (High), reflecting high impact on confidentiality, integrity and availability with low attack complexity. The root cause is the insecure construction of a shell command from unvalidated input.

Potential Impact ...

December 3, 2025 · Comfidentia

Critical Vulnerability in Avast Free Antivirus Allows Kernel-Level Privilege Escalation

Security researchers have revealed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability, tracked as CVE-2025-3500, received a high CVSS score of 8.8 and was made public on April 24, 2025, after Avast issued a patch.

Technical Details of the Vulnerability

The security flaw resides in the Avast Free Antivirus aswbidsdriver kernel driver and is caused by incorrect validation of user-supplied data. ...

December 1, 2025 · Comfidentia