What is CVE-2025-6264?

CVE-2025-6264 is a medium-severity vulnerability in Rapid7 Velociraptor, classified under Incorrect Default Permissions. CVSS score: 5.5/10. Published 2025-06-20.

How severe is CVE-2025-6264?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2025-6264 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Rapid7 Velociraptor

CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows fo…

EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L.

Affected products

Rapid7 Velociraptor — versions 0

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

Public proof-of-concept exploits

References

docs.velociraptor.app/announcements/advisories/cve-2025-6264/

Frequently asked questions

What is CVE-2025-6264?: CVE-2025-6264 is a medium-severity vulnerability in Rapid7 Velociraptor, classified under Incorrect Default Permissions. CVSS score: 5.5/10. Published 2025-06-20.
How severe is CVE-2025-6264?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2025-6264 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.