CVE-2025-47420 – Crestron Automate VX Privilege Escalation Vulnerability

May 6, 2025

CVE ID : CVE-2025-47420

Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago

Description : 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4372 – Google Chrome WebAudio Use After Free Vulnerability

Next Article CVE-2025-0853 – WordPress PGS Core Plugin SQL Injection Vulnerability

Highlights

CVE-2025-3438 – WordPress WCFM Marketplace MStore API Privilege Escalation

May 2, 2025

CVE ID : CVE-2025-3438

Published : May 2, 2025, 6:15 a.m. | 1 hour, 5 minutes ago

Description : The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the ‘wcfm_vendor’ role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

5 ways business leaders can transform workplace culture – and it starts by listening

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

How Google’s Genie 3 could change AI video – and let you build your own interactive worlds

How you’re charging your tablet is slowly killing it – 3 methods to avoid (and the right way)

Establishing Consistent Data Foundations with Laravel’s Database Population System

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

This Week in Laravel: Free Laravel Idea, Laracon News, and More

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

9 Default Settings in Windows 11 You Didn’t Know Could Affect Performance and Privacy

DICE Responds to Battlefield 6 Community: Key Updates on Map Flow and Class Mechanics

CVE-2025-47420 – Crestron Automate VX Privilege Escalation Vulnerability

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Myths about malware: an exploit is the same as malware

Why neglecting AI ethics is such risky business – and how to do AI right

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

CVE-2025-43570 – Substance3D Use After Free Vulnerability

CVE-2025-3438 – WordPress WCFM Marketplace MStore API Privilege Escalation

CVE-2025-7053 – Cockpit Cross-Site Scripting Vulnerability

Razer sent me “gamer” snacks and a lamp — so I found out how they taste

CVE-2025-7209 – Plan9port Null Pointer Dereference Vulnerability

CVE-2025-47420 – Crestron Automate VX Privilege Escalation Vulnerability

Related Posts