CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,778 vulnerabilities with CWE-269
CVE-2025-28399 CRITICAL
Erick xmall <= 1.1 - Privilege Escalation via Address Controller updateAddress Method
CVSS 9.8
CVE-2025-3418 HIGH
WPC Admin Columns <2.1.0 - Privilege Escalation
CVSS 8.8
CVE-2025-29800 HIGH
Microsoft AutoUpdate < 4.78 - Authenticated Privilege Escalation
CVSS 7.8
CVE-2025-29999 MEDIUM
Siemens License Server <V4.3 - Code Injection
CVSS 6.7
CVE-2025-28401 MEDIUM
RuoYi 4.8.0 - Privilege Escalation via menuId Parameter
CVSS 6.7
CVE-2025-28400 MEDIUM
RuoYi 4.8.0 - Privilege Escalation via PostID Parameter
CVSS 6.7
CVE-2025-2798 CRITICAL
Woffice CRM <= 5.4.21 - Unauthenticated Authentication Bypass via Custom Login Form
CVSS 9.8
CVE-2025-3105 HIGH
Vehica Core <1.0.97 - Privilege Escalation
CVSS 8.8
CVE-2025-31286 MEDIUM
Trend Vision One - HTML Injection
CVSS 4.6
CVE-2025-31285 MEDIUM
Trend Vision One - Privilege Escalation via Role Name Manipulation
CVSS 4.6
CVE-2025-31284 MEDIUM
Trend Vision One - Privilege Escalation via User Role Modification
CVSS 4.6
CVE-2025-31283 MEDIUM
Trend Vision One - Privilege Escalation via User Role Modification
CVSS 4.6
CVE-2025-31282 MEDIUM
Trend Vision One - Improper Privilege Management in User Account Component
CVSS 4.6
CVE-2025-29033 HIGH
BambooHR Build <v.25.0210.170831-83b08dd - Privilege Escalation
CVSS 7.3
CVE-2025-22231 HIGH
VMware Aria Operations - Privilege Escalation
CVSS 7.8
CVE-2025-2237 CRITICAL
WP RealEstate <1.6.26 - Auth Bypass
CVSS 9.8
CVE-2025-0416 HIGH
Valmet DNA <C2023 - Privilege Escalation
CVE-2025-24254 HIGH
macOS < 13.7.5, < 14.7.5, < 15.4 - Privilege Escalation via Symlink Validation Bypass
CVSS 8.8
CVE-2025-22937 CRITICAL
Adtran 411 ONT vL80.00.0011.M2 - Privilege Escalation
CVSS 9.8
CVE-2025-2858 HIGH
saTECH BCU Firmware 2.1.3 - Privilege Escalation via Nice Command
CVSS 8.8
CVE-2025-29924 HIGH
XWiki Platform <15.10.14, 16.4.6, 16.10.0-rc-1 - Info Disclosure
CVSS 7.5
CVE-2025-2324 MEDIUM
Progress MOVEit Transfer - Privilege Escalation via Shared Account Misconfiguration
CVSS 5.9
CVE-2025-25872 MEDIUM
OpenPanel 0.3.4 - Privilege Escalation via Fix Permissions Function
CVSS 5.5
CVE-2025-2232 CRITICAL
Realteo < 1.2.8 - Unauthenticated Authentication Bypass via do_register_user Function
CVSS 9.8
CVE-2025-21199 MEDIUM
Azure Agent < 2.0.9940.0 and < 9.30 - Authenticated Privilege Escalation
CVSS 6.7