NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability

🗓️ 03 Feb 2025 00:00:00Reported by AnonymousType

zdi

zdi🔗 www.zerodayinitiative.com👁 3 Views

Local attackers can exploit NoMachine privilege escalation via incorrect installer permissions.

Reporter	Title	Published	Views	Family All 272
FreeBSD	xorg server -- _XkbSetCompatMap vulnerability	29 Oct 202400:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2024-756)	14 Nov 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0238: xorg-x11-server (ALINUX3-SA-2024:0238)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0252: tigervnc (ALINUX3-SA-2024:0252)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0076: xorg-x11-server-Xwayland (ALINUX3-SA-2025:0076)	27 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2024:8798)	6 Nov 202400:00	–	nessus
Tenable Nessus	AlmaLinux 9 : xorg-x11-server (ALSA-2025:7163)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : xorg-x11-server-Xwayland (ALSA-2025:7165)	3 Jul 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: xorg-x11-server / xorg-x11-server-Xwayland (CVE-2024-9632)	10 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-3940 : xdmx - security update	29 Oct 202400:00	–	nessus

Source	Link
kb	www.kb.nomachine.com/SU01W00263

03 Feb 2025 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 36.7

EPSS0.00057

nomachine vulnerability escalation local privilege escalation incorrect permission assignment