CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,777 vulnerabilities with CWE-269
CVE-2025-49758 HIGH
SQL Server 2016-2022 Authenticated Privilege Escalation via SQL Injection
CVSS 8.8
CVE-2025-8660 CRITICAL
Symantec PGP Encryption - Privilege Escalation
CVSS 9.8
CVE-2025-54996 HIGH
OpenBao < 2.3.2 - Privilege Escalation to Root Policy via Identity Entity System
CVSS 7.2
CVE-2025-26513 HIGH
NetApp SAN Host Utilities < 8.0 - Local Privilege Escalation via Installer
CVSS 7.0
CVE-2025-6994 CRITICAL
Reveal Listing <3.3 - Privilege Escalation
CVSS 9.8
CVE-2025-54594 CRITICAL
react-native-bottom-tabs <0.9.2 - Code Injection
CVSS 9.1
CVE-2025-54595 HIGH
Pearcleaner 4.4.0-4.5.1 - Unauthenticated Privilege Escalation via XPC Service
CVSS 7.3
CVE-2025-5954 CRITICAL
Service Finder SMS System <2.0.0 - Privilege Escalation
CVSS 9.8
CVE-2025-52289 HIGH
MagnusBilling 7.8.5.3 - Unauthenticated Privilege Escalation via Crafted User Save Request
CVSS 8.0
CVE-2025-43256 HIGH
macOS <15.6-14.7.7 - Privilege Escalation
CVSS 7.8
CVE-2025-43249 HIGH
macOS <15.6-13.7.7 - Privilege Escalation
CVSS 7.8
CVE-2025-43248 HIGH
macOS <15.6-14.7.7 - Privilege Escalation
CVSS 7.8
CVE-2025-43199 CRITICAL
macOS <15.6-13.7.7 - Privilege Escalation
CVSS 9.8
CVE-2025-43188 HIGH
macOS Sequoia <15.6 - Privilege Escalation
CVSS 7.8
CVE-2025-31243 HIGH
macOS < 13.7.7, < 14.7.7, < 15.6 - Privilege Escalation to Root
CVSS 7.8
CVE-2025-24119 HIGH
macOS < 13.7.7, < 14.7.7, < 15.3 - Privilege Escalation via Improved State Management
CVSS 7.8
CVE-2025-22165 HIGH
Sourcetree 4.2.8-4.2.11 - Authenticated Arbitrary Code Execution
CVSS 7.3
CVE-2025-8107 MEDIUM
OceanBase <Oracle Mode - Privilege Escalation
CVSS 6.3
CVE-2025-53942 HIGH
authentik <2025.4.4, 2025.6.0-rc1-2025.6.3 - Info Disclosure
CVSS 7.4
CVE-2025-34143 CRITICAL
ETQ Reliance CG (legacy) < MP-4583 - Auth Bypass & RCE via SYSTEM Impersonation
CVE-2025-46116 HIGH
CommScope Ruckus Unleashed <200.15.6.212.14, 200.17.7.0.139 - Privi...
CVSS 8.8
CVE-2025-7784 MEDIUM
Red Hat build of Keycloak - Privilege Escalation via Fine-Grained Admin Permissions
CVSS 6.5
CVE-2025-53030 MEDIUM
Oracle VM VirtualBox 7.1.10 - Improper Privilege Management
CVSS 6.0
CVE-2025-53029 LOW
Oracle VM VirtualBox 7.1.10 - Unauthorized Data Access via Core Component
CVSS 2.3
CVE-2025-53027 HIGH
Oracle VM VirtualBox 7.1.10 - Privilege Escalation
CVSS 8.2