CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,772 vulnerabilities with CWE-269
CVE-2025-43320 HIGH
macOS Tahoe <26 - Privilege Escalation
CVSS 7.8
CVE-2025-67727 CRITICAL
parse-server < 8.6.0-alpha.2 - Improper Privilege Management in GitHub CI Workflow
CVSS 9.8
CVE-2025-13764 CRITICAL
WP CarDealer <1.2.16 - Privilege Escalation
CVSS 9.8
CVE-2025-12952 HIGH
Google Cloud's Dialogflow CX - Privilege Escalation
CVE-2025-12381 HIGH
AlgoSec Firewall Analyzer A33.0 A33.10 - Privilege Escalation via Sudoers Parameter Injection
CVSS 7.8
CVE-2025-66324 HIGH
Compression Module - Info Disclosure
CVSS 8.4
CVE-2025-13292 HIGH
Google Cloud Apigee-X < 1-16-0-apigee-3 - Unauthorized Cross-Tenant Data Access
CVE-2025-62686 MEDIUM
Plugin Alliance Installation Manager v1.4.0 - Local Privilege Escalation via DYLD_INSERT_LIBRARIES Injection
CVSS 6.2
CVE-2025-55076 MEDIUM
Plugin Alliance Installation Manager <1.4.0 - Privilege Escalation
CVSS 6.2
CVE-2025-7044 HIGH
MAAS 3.3.0-3.3.10 - Authenticated Privilege Escalation via Websocket User Update Injection
CVSS 7.7
CVE-2025-13542 CRITICAL
DesignThemes LMS <1.0.4 - Privilege Escalation
CVSS 9.8
CVE-2025-59705 MEDIUM
Entrust nShield HSM <13.6.12 - Physically Proximate Privilege Escalation via USB Interface
CVSS 6.8
CVE-2025-59697 HIGH
Entrust nShield HSM <13.6.12 - Privilege Escalation via GRUB
CVSS 7.2
CVE-2025-59693 CRITICAL
Entrust nShield Connect XC, nShield 5c, and nShield HSMi < 13.6.12 - Privilege Escalation via JTAG Connector Access
CVSS 9.8
CVE-2025-13534 MEDIUM
Elula Wsdesk < 3.3.3 - Improper Privilege Management
CVSS 6.3
CVE-2025-65621 MEDIUM
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting and Privilege Escalation
CVSS 5.4
CVE-2025-13787 MEDIUM
zentao < 21.7.7 - Improper Privilege Management via File Handler
CVSS 5.4
CVE-2025-59790 MEDIUM
Apache Kvrocks 2.9.0-2.13.0 - Improper Privilege Management
CVSS 5.4
CVE-2025-13680 HIGH
Tiger theme WordPress - Privilege Escalation
CVSS 8.8
CVE-2025-13675 CRITICAL
Tiger theme <101.2.1 - Privilege Escalation
CVSS 9.8
CVE-2025-13540 CRITICAL
Tiare Membership <1.2 - Privilege Escalation
CVSS 9.8
CVE-2025-13538 CRITICAL
WordPress <1.0.5 - Privilege Escalation
CVSS 9.8
CVE-2025-66314 HIGH
ZTE ElasticNet UME R32 - Privilege Escalation
CVSS 7.5
CVE-2025-66266 CRITICAL
UPSilon 2000 - Privilege Escalation
CVE-2025-66265 MEDIUM
CMService.exe - Privilege Escalation