T1490
Inhibit System Recovery
Platforms7
CVEs mapped to this technique9
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2025-5777 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | HIGH7.5 | 100%p100 | KEV+RPoC | 2026-02-26 |
| CVE-2025-32433 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules. | CRITICAL10.0 | 98%p100 | KEVWeaponized | 2026-02-26 |
| CVE-2025-47812 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts. | CRITICAL10.0 | 95%p100 | KEVWeaponized | 2026-02-26 |
| CVE-2024-57727 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | HIGH7.5 | 95%p100 | KEV+RFunctional | 2026-02-26 |
| CVE-2026-41940 | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | CRITICAL9.8 | 91%p100 | KEV+RWeaponized | 2026-05-06 |
| CVE-2025-26399 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | CRITICAL9.8 | 88%p100 | KEVPoC | 2026-03-10 |
| CVE-2025-33073 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | HIGH8.8 | 64%p99 | KEVPoC | 2026-02-26 |
| CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced. | CRITICAL10.0 | 28%p98 | KEV+RPoC | 2026-03-25 |
| CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | HIGH7.8 | 6.22%p93 | KEVPoC | 2026-06-19 |