cbcvebase.

Www.Velocidex.Com Golang Velociraptor vulnerabilities

7 known vulnerabilities affecting www.velocidex.com/golang_velociraptor.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2025-6264P1MEDIUMExploitedRansomware≥ 0, < 0.74.32025-06-20
CVE-2025-6264 [MEDIUM] CWE-276 Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.Updat
ghsaosv
CVE-2023-0242P3HIGH≥ 0, < 0.6.7-52023-01-18
CVE-2023-0242 [HIGH] CWE-269 Velociraptor vulnerable to Missing Authorization Velociraptor vulnerable to Missing Authorization Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does
ghsaosv
CVE-2026-6290P3HIGH≥ 0, ≤ 0.76.22026-04-15
CVE-2026-6290 [HIGH] CWE-863 Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin,
ghsa
CVE-2026-7573P3MEDIUM≥ 0, < 0.76.52026-05-06
CVE-2026-7573 [MEDIUM] CWE-639 Velocidex Velociraptor has an authorization bypass vulnerability Velocidex Velociraptor has an authorization bypass vulnerability An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
ghsa
CVE-2026-6863P3MEDIUM≥ 0, < 0.76.42026-05-06
CVE-2026-6863 [MEDIUM] CWE-863 Velocidex Velociraptor has an Incorrect Authorization issue Velocidex Velociraptor has an Incorrect Authorization issue Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit
ghsa
CVE-2023-0290P4MEDIUM≥ 0, < 0.6.7-52023-01-19
CVE-2023-0290 [MEDIUM] CWE-22 Velociraptor subject to Path Traversal Velociraptor subject to Path Traversal Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only require privileges to schedule collections on the client. Normally, to schedu
ghsaosv
CVE-2026-7572P4MEDIUM≥ 0, < 0.76.52026-05-06
CVE-2026-7572 [MEDIUM] CWE-193 Velocidex Velociraptor has an off-by-one error Velocidex Velociraptor has an off-by-one error An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.
ghsa
Www.Velocidex.Com Golang Velociraptor vulnerabilities | cvebase