CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,778 vulnerabilities with CWE-269
CVE-2025-44040 HIGH
OrangeHRM 5.7 - Privilege Escalation via UserService.php Loose-Equality Comparison
CVSS 7.2
CVE-2025-24183 MEDIUM
macOS < 13.7.3, < 14.7.3, < 15.3 - Unauthorized File System Modification
CVSS 5.5
CVE-2025-30475 HIGH
Dell PowerScale InsightIQ <5.2 - Privilege Escalation
CVSS 8.1
CVE-2025-29976 HIGH
Microsoft Office SharePoint - Privilege Escalation
CVSS 7.8
CVE-2025-27468 HIGH
Windows Secure Kernel Mode - Privilege Escalation
CVSS 7.0
CVE-2025-31222 HIGH
iPadOS < 18.5 - Privilege Escalation
CVSS 7.8
CVE-2025-24258 HIGH
macOS < 13.7.6, < 14.7.6, < 15.4 - Privilege Escalation to Root
CVSS 7.8
CVE-2025-0505 CRITICAL
Arista CloudVision - Privilege Escalation
CVSS 10.0
CVE-2025-4335 HIGH
WooCommerce Multiple Addresses <1.0.7.1 - Privilege Escalation
CVSS 8.8
CVE-2025-3852 HIGH
WPshop 2-2.6.0 - Privilege Escalation
CVSS 8.8
CVE-2025-47420 HIGH
Crestron Automate VX <6.4.0.49 - Privilege Escalation
CVE-2025-3438 MEDIUM
MStore API < 4.17.4 - Unauthenticated Privilege Escalation via User Registration
CVSS 6.5
CVE-2025-32974 CRITICAL
XWiki 15.9-15.10.7 and 16.0.0-16.1.0 - Privilege Escalation via TextArea Default Content Type
CVSS 9.0
CVE-2025-25962 CRITICAL
Coresmartcontracts Uniswap <4.0 - Privilege Escalation
CVSS 9.8
CVE-2025-4085 HIGH
Firefox < 138.0 and Thunderbird < 138.0 - Privilege Escalation via UITour Actor
CVSS 7.1
CVE-2025-3224 HIGH
Docker Desktop for Windows <4.41.0 - Privilege Escalation
CVSS 7.8
CVE-2025-46576 MEDIUM
ZTE ZXCloud GoldenDB - Improper Privilege Management
CVSS 5.4
CVE-2025-2238 HIGH
Vikinger theme <1.9.30 - Privilege Escalation
CVSS 8.8
CVE-2025-3101 HIGH
Configurator Theme Core <1.4.7 - Privilege Escalation
CVSS 8.8
CVE-2025-3761 HIGH
My Tickets - Accessible Event Ticketing <= 2.0.16 - Authenticated Privilege Escalation via mt_save_profile()
CVSS 8.8
CVE-2025-1732 MEDIUM
Zyxel USG FLEX H uOS <= V1.31 - Authenticated Privilege Escalation via Crafted Configuration File Upload
CVSS 6.7
CVE-2025-32955 MEDIUM
Harden-Runner <2.12.0 - Privilege Escalation
CVSS 6.0
CVE-2025-3278 CRITICAL
UrbanGo Membership <1.0.4 - Privilege Escalation
CVSS 9.8
CVE-2025-28237 HIGH
WorldCast Systems ECRESO FM/DAB/TV Transmitter <1.10.1 - Privilege ...
CVSS 8.8
CVE-2025-25230 HIGH
Omnissa Horizon Client - Privilege Escalation
CVSS 7.8