CVE-2025-6264 — Rapid7 Velociraptor — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint.