CWE-276

Exploit likelihood: Medium

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2025-2782 MEDIUM
WatchGuard Terminal Services Agent <12.11 - Privilege Escalation
CVE-2025-2781 MEDIUM
WatchGuard Mobile VPN with SSL Client <12.11 - Privilege Escalation
CVE-2025-25535 CRITICAL
SCRIPT CASE v.1.0.002 Build7 - Privilege Escalation
CVSS 9.8
CVE-2025-27612 MEDIUM
libcontainer < 0.5.3 - Incorrect Default Permissions via Tenant Builder Capability Inheritance
CVSS 5.9
CVE-2025-24915 HIGH
Nessus Agent <10.8.3 - Privilege Escalation
CVSS 7.8
CVE-2025-27926 MEDIUM
Nintex Automation 5.6-5.7 - Insufficiently Protected Credentials in K2 SmartForms Designer Configuration
CVSS 4.3
CVE-2025-20910 MEDIUM
Samsung Wear OS Galaxy Watch Gallery - Unprotected Data Exposure via Incorrect Default Permissions
CVSS 6.2
CVE-2025-24864 HIGH
RemoteView Agent <8.1.5.2 - Privilege Escalation
CVSS 7.8
CVE-2025-22447 HIGH
RemoteView Agent <8.1.5.2 - Privilege Escalation
CVSS 7.8
CVE-2025-27682 CRITICAL
Vasion Print < 20.0.1330 and Virtual Appliance < 1.0.735 - Insecure Log Permissions
CVSS 9.8
CVE-2025-27677 CRITICAL
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Unauthenticated Symbolic Link File Interaction
CVSS 9.8
CVE-2025-27521 MEDIUM
Huawei HarmonyOS - Improper Access Control
CVSS 6.8
CVE-2025-27154 CRITICAL
spotipy < 2.25.1 - Incorrect Default Permissions in Cache File
CVSS 9.8
CVE-2025-21106 MEDIUM
Dell RecoverPoint for Virtual Machines 6.0.X - Weak File System Permissions
CVSS 5.5
CVE-2025-24891 CRITICAL
DumbDrop - Path Traversal and Arbitrary File Write
CVSS 9.6
CVE-2025-24795 MEDIUM
Snowflake Connector for Python 2.3.7-3.13.0 - Incorrect Default Permissions in Temporary Credential Cache
CVSS 4.4
CVE-2025-24788 MEDIUM
Snowflake Connector for .NET 2.0.12-4.2.0 - Unauthorized Local File Access via World-Readable Temporary Directory
CVSS 5.0
CVE-2025-24790 MEDIUM
Snowflake JDBC 3.6.8-3.21.0 - Incorrect Default Permissions in Temporary Credential Cache
CVSS 4.4
CVE-2025-0797 LOW
MicroWorld eScan Antivirus 7.0.32 - Info Disclosure
CVSS 3.3
CVE-2025-24826 MEDIUM
Acronis Snap Deploy <build 4625 - Privilege Escalation
CVSS 6.7
CVE-2025-24176 HIGH
macOS < 13.7.3, < 14.7.3, < 15.3 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.1
CVE-2025-24140 MEDIUM
macOS < 15.3 - Unprotected User Data Exposure via Quarantine Flag Bypass
CVSS 5.3
CVE-2025-24135 HIGH
macOS < 15.3 - Privilege Escalation via Improved Message Validation
CVSS 7.8
CVE-2025-24107 HIGH
iPadOS < 18.3 - Unauthenticated Privilege Escalation to Root via Permissions Issue
CVSS 7.8
CVE-2025-24093 CRITICAL
macOS < 13.7.3, < 14.7.3, < 15.4 - Unprotected Removable Volume Access
CVSS 9.8