CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,777 vulnerabilities with CWE-269
CVE-2025-46364 CRITICAL
Dell CloudLink <8.1.1 - Privilege Escalation
CVSS 9.1
CVE-2025-12683 MEDIUM
Voidtools Everything 1.4.1.1029 - Privilege Escalation via Named Pipe DACL Misconfiguration
CVE-2025-8900 CRITICAL
Doccure Core <1.5.4 - Privilege Escalation
CVSS 9.8
CVE-2025-8489 CRITICAL
King Addons for Elementor - Privilege Escalation
CVSS 9.8
CVE-2025-48982 HIGH
Veeam Agent for Microsoft Windows - Privilege Escalation
CVSS 7.8
CVE-2025-61429 HIGH
NCR Atleos Terminal Manager <3.4.0 - Privilege Escalation
CVSS 8.8
CVE-2025-12425 HIGH
BLU-IC2 and BLU-IC4 Firmware < 1.20 - Local Privilege Escalation
CVSS 7.8
CVE-2025-12424 CRITICAL
BLU-IC2 and BLU-IC4 Firmware < 1.20 - Privilege Escalation via SUID Binary
CVSS 9.8
CVE-2025-1037 HIGH
TropOS 4th Gen - Privilege Escalation
CVE-2025-11086 HIGH
Academy LMS - WordPress LMS Plugin <3.3.7 - Privilege Escalation
CVSS 8.1
CVE-2025-62592 MEDIUM
Oracle VM VirtualBox 7.1.12 and 7.2.2 - Authenticated Unauthorized Data Access
CVSS 6.0
CVE-2025-61759 MEDIUM
Oracle VM VirtualBox 7.1.12 and 7.2.2 - Unauthorized Data Access via Privilege Escalation
CVSS 6.5
CVE-2025-5496 LOW
Zohocorp Manageengine Endpoint Central < 11.4.2508.14 - Improper Privilege Management
CVSS 3.3
CVE-2025-7851 CRITICAL
Omada gateway - Privilege Escalation
CVSS 9.8
CVE-2025-6042 HIGH
Lisfinity Core - Privilege Escalation
CVSS 7.3
CVE-2025-56747 MEDIUM
Academy LMS <= 5.13 - Authenticated Privilege Escalation in Api_instructor Controller
CVSS 6.5
CVE-2025-9068 HIGH
Rockwell Automation Driver Package x64 MSI - Privilege Escalation
CVSS 7.8
CVE-2025-9067 HIGH
FactoryTalk Linx < 6.50 - Authenticated Privilege Escalation via MSI Repair Console Hijack
CVSS 7.8
CVE-2025-11533 CRITICAL
WP Freeio <1.2.21 - Privilege Escalation
CVSS 9.8
CVE-2025-61152 MEDIUM
python-jose <3.3.0 - Privilege Escalation
CVSS 6.5
CVE-2025-59247 HIGH
Azure PlayFab - Improper Privilege Management
CVSS 8.8
CVE-2025-11561 HIGH
Red Hat Enterprise Linux - Privilege Escalation via SSSD Active Directory Integration
CVSS 8.8
CVE-2025-61786 LOW
Deno < 2.2.15 and 2.3.0-2.5.2 - Permission Model Bypass via FsFile Stat Methods
CVSS 3.3
CVE-2025-34251 HIGH
Tesla Telematics Control Unit (TCU) < 2025.14 - Unauthenticated Privilege Escalation via ADB File Write
CVE-2025-57443 MEDIUM
FrostWire 6.14.0-build-326 - Code Injection
CVSS 5.1