The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,777 vulnerabilities with CWE-269
CVE-2025-13538
CRITICAL
WordPress <1.0.5 - Privilege Escalation
CVSS 9.8
CVE-2025-66314
HIGH
ZTE ElasticNet UME R32 - Privilege Escalation
CVSS 7.5
CVE-2025-66266
CRITICAL
UPSilon 2000 - Privilege Escalation
CVE-2025-66265
MEDIUM
CMService.exe - Privilege Escalation
CVE-2025-33188
HIGH
NVIDIA DGX Spark GB10 - Info Disclosure
CVSS 8.0
CVE-2025-33187
CRITICAL
NVIDIA DGX Spark GB10 - Privilege Escalation
CVSS 9.3
CVE-2025-13559
CRITICAL
EduKart Pro <1.0.3 - Privilege Escalation
CVSS 9.8
CVE-2025-54821
LOW
Fortinet FortiOS 6.4-7.6.3, FortiPAM 1.0-1.6.0, FortiProxy 7.0-7.6.3 - Trusted Host Policy Bypass
CVSS 1.9
CVE-2025-40548
CRITICAL
SolarWinds Serv-U < 15.5.3 - Authenticated Privilege Escalation
CVSS 9.1
CVE-2025-20346
MEDIUM
Cisco Catalyst Center - Privilege Escalation
CVSS 4.3
CVE-2025-11923
HIGH
LifterLMS 3.5.3-9.0.7 - Authenticated Privilege Escalation via REST API
CVSS 8.8
CVE-2025-59514
HIGH
Microsoft Windows - Improper Privilege Management in Streaming Service
CVSS 7.8
CVE-2025-24863
MEDIUM
Intel(R) CIP <WIN_DCA_2.4.0.11001 - Info Disclosure
CVSS 6.5
CVE-2025-24838
HIGH
Intel Computing Improvement Program < 2.4.11001 - Privilege Escalation
CVSS 8.8
CVE-2025-24307
LOW
Intel Computing Improvement Program < 2.4.11001 - Privilege Escalation via Ring 3 User Application
CVSS 2.0
CVE-2025-11457
CRITICAL
EasyCommerce <1.5.0 - Privilege Escalation
CVSS 9.8
CVE-2025-11168
HIGH
Mementor Core <2.2.5 - Privilege Escalation
CVSS 8.8
CVE-2025-64507
HIGH
Incus < 6.0.6 and 6.1-6.18 - Privilege Escalation via Custom Storage Volume with security.shifted Property
CVSS 7.8
CVE-2025-12726
HIGH
Google Chrome <142.0.7444.137 - Privilege Escalation
CVSS 7.5
CVE-2025-12405
HIGH
Looker Studio - Privilege Escalation
CVE-2025-64489
HIGH
SuiteCRM < 7.14.8 - Privilege Escalation via Inactive User Session Persistence
CVSS 8.3
CVE-2025-64436
MEDIUM
KubeVirt < 1.5.3 - Improper Privilege Management via Virt-Handler Service Account
CVSS 5.3
CVE-2025-64338
CRITICAL
ClipBucket 5.5.2-#156 and below - Authenticated Stored Cross-Site Scripting via Photo Collection Name
CVSS 9.0
CVE-2025-64336
MEDIUM
ClipBucket 5.3-5.5.2-146 - Authenticated Stored Cross-Site Scripting via Photo Title
CVSS 5.4
CVE-2025-12485
HIGH
Devolutions Server <=2025.2.15.0, 2025.3.2.0-2025.3.5.0 - Authenticated Account Impersonation via Pre-MFA Cookie Replay
CVSS 8.8
Details
Vulnerabilities: 2,777
Exploit Likelihood: Medium