CVE-2025-6264 is a privilege escalation vulnerability in Rapid7 Velociraptor that allows users with COLLECT_CLIENT permissions to execute arbitrary commands and take over endpoints. The vulnerability has been actively exploited in ransomware attacks and affects internet-facing Velociraptor server deployments.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
The vulnerability affects Rapid7 Velociraptor installations on Windows, macOS, and Linux platforms before version 0.74.3. The issue stems from the Admin.Client.
In August 2025, Talos responded to a ransomware attack ... 2025-6264) that could lead to arbitrary command execution and endpoint takeover.
National Vulnerability Database change history: New CVE received from Rapid7, Inc., 6/19/2025 11:15:27 PM.