← Back
CWE-276

1,508 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

JSON object

Loading...

CVEs (1,508)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-46586
1Huawei
1Harmonyos
Sep 26, 2025
May 6, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-43595
1Msp360
1Backup
Sep 23, 2025
May 1, 2025
8.5 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on...Show more
An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).Show less
CVE-2025-42598
-
-
Apr 29, 2025
Apr 28, 2025
8.4 HIGH· v4
7.8 HIGH· v3
N/A· v2
Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in...Show more
Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.Show less
CVE-2025-32981
1Netscout
1Ngeniusone
May 27, 2025
Apr 25, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.
CVE-2025-24914
-
-
Apr 21, 2025
Apr 18, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not...Show more
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914Show less
CVE-2025-30706
1Oracle
1Mysql Connectors
Apr 21, 2025
Apr 15, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with networ...Show more
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2025-30701
1Oracle
1Ras Security
Apr 21, 2025
Apr 15, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker havi...Show more
Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via Oracle Net to compromise RAS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all RAS Security accessible data as well as unauthorized access to critical data or complete access to all RAS Security accessible data. CVSS 3.1 Base Score 7.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).Show less
CVE-2025-3617
1Rockwellautomation
1Thinmanager
Jul 14, 2025
Apr 15, 2025
8.5 HIGH· v4
7.8 HIGH· v3
N/A· v2
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit perm...Show more
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges.Show less
CVE-2025-23386
-
-
Apr 11, 2025
Apr 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.
CVE-2025-29801
1Microsoft
1Autoupdate
Jul 10, 2025
Apr 8, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-29570
1Szlbt
1Lbt T300 T400 Firmware
Aug 20, 2025
Apr 3, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc.
CVE-2025-29504
1Huang Yk
1Student Manage
Oct 15, 2025
Apr 3, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification.
CVE-2025-0014
-
-
Apr 7, 2025
Apr 2, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-30465
1Apple
2Ipados
Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5...Show more
A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.Show less
CVE-2025-24277
1Apple
1Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privil...Show more
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.Show less
CVE-2025-24267
1Apple
1Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
CVE-2025-24238
1Apple
4Ipados
Iphone OsMacos+1 more
Apr 2, 2026
Mar 31, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevat...Show more
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.Show less
CVE-2025-24234
1Apple
1Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to gain root privileges.
CVE-2025-24207
1Apple
1Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to enable iCloud storage features without user cons...Show more
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to enable iCloud storage features without user consent.Show less
CVE-2025-24195
1Apple
1Macos
Apr 2, 2026
Mar 31, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user may be able to elevate privileges.