CVE-2025-40672

HIGH Year: 2025
Weakness Type
CWE-732
View all →

Vulnerability Description

A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).

Related Vulnerabilities

CVE-2025-21520

LOW
CVSS:1.8(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exp...

CWE-7322025

CVE-2021-33509

CRITICAL
CVSS:9.9(Critical)

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

CWE-7322021

CVE-2023-40622

CRITICAL
CVSS:9.9(Critical)

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...

CWE-7322023

CVE-2024-5618

CRITICAL
CVSS:9.9(Critical)

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...

CWE-7322024

CVE-2025-0066

CRITICAL
CVSS:9.9(Critical)

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a...

CWE-7322025

CVE-2011-3923

CRITICAL
CVSS:9.8(Critical)

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CWE-7322011