CWE-250

Exploit likelihood: Medium

Execution with Unnecessary Privileges

Parent: CWE-269 - Improper Privilege Management

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

326 vulnerabilities with CWE-250
CVE-2025-10885 HIGH
Autodesk Installer < 2.19 - Privilege Escalation via Insufficient Binary Validation
CVSS 7.8
CVE-2025-43990 HIGH
Dell Command Monitor <10.12.3.28 - Privilege Escalation
CVSS 7.3
CVE-2025-33003 HIGH
IBM InfoSphere Information Server <11.7.1.6 - Privilege Escalation
CVSS 7.8
CVE-2025-34274 CRITICAL
Nagios Log Server <2024R2.0.3 - Privilege Escalation
CVSS 9.8
CVE-2025-36137 HIGH
IBM Sterling Connect Direct - Privilege Escalation
CVSS 7.2
CVE-2025-62503 MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
CVSS 4.6
CVE-2025-62402 MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
CVSS 5.4
CVE-2025-43017 CRITICAL
HP ThinPro 8.1 - Privilege Escalation
CVSS 9.8
CVE-2025-6949 CRITICAL
Moxa EDR-G9010/EDR-8010/EDF-G1002-BP/TN-4900/NAT-102/NAT-108/OnCell G4302-LTE4 - Privilege Escalation via API
CVE-2025-6894 MEDIUM
Moxa EDR-G9010/EDR-8010/EDF-G1002-BP/TN-4900/NAT-102/NAT-108/OnCell G4302-LTE4 - Privilege Escalation via API Bypass
CVE-2025-6893 CRITICAL
Moxa EDR-G9010/EDR-8010/EDF-G1002-BP/TN-4900/NAT-102/NAT-108/OnCell G4302-LTE4 - Privilege Escalation via API Endpoint
CVE-2025-61909 MEDIUM
Icinga 2 <2.15.1-2.14.7-2.13.13 - Privilege Escalation
CVSS 4.4
CVE-2025-34515 CRITICAL
Ilevia EVE X1 Server <4.7.18.0.eden - Privilege Escalation
CVSS 9.8
CVE-2025-57780 HIGH
F5OS-A F5OS-C - Privilege Escalation
CVSS 8.8
CVE-2025-8486 HIGH
Lenovo PCManager < 5.1.140.9262 - Authenticated Privilege Escalation
CVSS 7.8
CVE-2025-61958 HIGH
F5 BIG-IP 15.1.0-15.1.10.8 - Authenticated Privilege Escalation via iHealth Command
CVSS 8.7
CVE-2025-59481 HIGH
BIG-IP TMOS Shell - Privilege Escalation
CVSS 8.7
CVE-2025-50505 HIGH
Clash Verge Rev <2.3.0 - Privilege Escalation
CVSS 7.8
CVE-2025-36356 CRITICAL
IBM Security Verify Access <11.0.1.0 - Privilege Escalation
CVSS 9.3
CVE-2025-58432 HIGH
ZimaOS < 1.4.1 - Unauthenticated Arbitrary File Write via /v2_1/files/file/uploadV2 Endpoint
CVSS 7.8
CVE-2025-58431 MEDIUM
ZimaOS < 1.4.1 - Unauthenticated Arbitrary File Read as Root via /v2_1/files/file/download Endpoint
CVSS 6.2
CVE-2025-37128 MEDIUM
HPE Aruba Networking EdgeConnect - Privilege Escalation
CVSS 6.8
CVE-2025-56557 CRITICAL
Tuya Smart Life App <5.6.1 - Privilege Escalation
CVSS 9.1
CVE-2025-57119 CRITICAL
Online Library Management System <3.0 - Privilege Escalation
CVSS 9.8
CVE-2025-42958 CRITICAL
SAP NetWeaver - Unauthenticated Privilege Escalation via Missing Authentication Check
CVSS 9.1