CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,778 vulnerabilities with CWE-269
CVE-2025-39202 HIGH
MicroSCADA X SYS600 10.0-10.7 - Authenticated Privilege Escalation via Monitor Pro Interface
CVSS 7.3
CVE-2025-24286 HIGH
Veeam Backup & Replication < 12.3.2.3617 - Authenticated Arbitrary Code Execution via Backup Job Modification
CVSS 7.2
CVE-2025-49157 HIGH
Trend Micro Apex One < 14.0.14492 and 14.0.0.12994-14.0.0.14002 - Local Privilege Escalation via Damage Cleanup Engine
CVSS 7.8
CVE-2025-49156 HIGH
Trend Micro Apex One < 14.0.14492 & 14.0.0.12994-14.0.0.14002 Local Privilege Escalation
CVSS 7.0
CVE-2025-4879 HIGH
Citrix Workspace < 2402 and < 2409 - Local Privilege Escalation
CVSS 7.8
CVE-2025-0320 HIGH
Citrix Secure Access Client for Windows - Privilege Escalation
CVSS 7.8
CVE-2025-6177 HIGH
Google ChromeOS - Privilege Escalation via MiniOS Debug Shell
CVSS 7.4
CVE-2025-5689 HIGH
authd < 0.5.4 - Improper Privilege Management
CVSS 8.5
CVE-2025-36633 HIGH
Tenable Nessus Agent < 10.8.5 - Local Privilege Escalation via Arbitrary File Deletion
CVSS 8.8
CVE-2025-36631 HIGH
Tenable Nessus Agent < 10.8.5 - Privilege Escalation via Log File Overwrite
CVSS 8.4
CVE-2025-5491 HIGH
Acer ControlCenter 4.00.3000-4.00.3056 - Remote Code Execution via Misconfigured Named Pipe
CVSS 8.8
CVE-2025-5687 HIGH
Mozilla VPN < 2.28.0 (macOS) - Privilege Escalation
CVSS 7.8
CVE-2025-4315 HIGH
CubeWP - All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated Privilege Escalation via User Meta Update
CVSS 8.8
CVE-2025-47849 HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin API Key Theft
CVSS 8.8
CVE-2025-47713 HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin Password Reset
CVSS 8.8
CVE-2025-22829 MEDIUM
Apache CloudStack 4.20.0.0 - Authenticated Privilege Escalation via Quota Plugin
CVSS 4.3
CVE-2025-47955 HIGH
Windows Remote Access Connection Manager - Privilege Escalation
CVSS 7.8
CVE-2025-33067 HIGH
Windows Kernel - Privilege Escalation
CVSS 8.4
CVE-2025-22254 MEDIUM
Fortinet FortiOS <7.6.1 - Privilege Escalation
CVSS 6.6
CVE-2025-4681 HIGH
upKeeper Instant Privilege Access <1.4.0 - Privilege Escalation
CVE-2025-4601 HIGH
RH - Real Estate WordPress Theme <4.4.0 - Privilege Escalation
CVSS 8.8
CVE-2025-27811 HIGH
Razer Synapse 4 < 4.0.86.2502180127 - Local Privilege Escalation via COM Interface
CVSS 7.8
CVE-2025-26396 HIGH
SolarWinds Dameware - Privilege Escalation
CVSS 7.8
CVE-2025-0358 HIGH
Axis Communication - Privilege Escalation
CVSS 8.8
CVE-2025-4636 HIGH
Airpointer Web Platform - Privilege Escalation
CVSS 7.8