CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2025-10314 HIGH
Mitsubishi Electric FREQSHIP-mini <8.0.2 - Code Injection
CVSS 8.8
CVE-2025-69604 HIGH
SuperDuper! < 3.12 - Unauthenticated Arbitrary Package Installation via Default Task Template
CVSS 7.8
CVE-2025-13905 HIGH
CWE-276 - Privilege Escalation
CVE-2025-67230 HIGH
ToDesktop Builder < 0.33.0 - Improper Permissions in Custom URL Scheme Handler
CVSS 7.1
CVE-2025-15523 MEDIUM
Inkscape < 1.4.3 - Unauthenticated Incorrect Default Permissions via Bundled Python Interpreter
CVE-2025-55132 MEDIUM
Node.js 20.0.0-20.19.1 - Incorrect Default Permissions via futimes()
CVSS 5.3
CVE-2025-67813 MEDIUM
Quest KACE Desktop Authority < 11.3.2 - Insecure Named Pipe Permissions
CVSS 5.3
CVE-2025-60262 CRITICAL
H3C M102G and BA1500L - Unauthenticated Arbitrary File Write via FTP Misconfiguration
CVSS 9.8
CVE-2025-64724 HIGH
Arduino IDE <2.3.7 - Privilege Escalation
CVSS 7.3
CVE-2025-64723 MEDIUM
Arduino IDE <2.3.7 - Code Injection
CVSS 4.4
CVE-2025-53919 HIGH
Dell Color Management <3.3.008 - Privilege Escalation
CVSS 7.8
CVE-2025-53398 HIGH
Dell Color Management <3.3.8 - Info Disclosure
CVSS 7.8
CVE-2025-43519 MEDIUM
macOS < 14.8.3, < 15.7.3, < 26.2 - Unprotected User Data Exposure via Permissions Issue
CVSS 5.5
CVE-2025-13155 HIGH
Lenovo Baiying Client - Privilege Escalation
CVSS 7.8
CVE-2025-59030 HIGH
PowerDNS Recursor 5.1.0-5.1.8 - Unauthenticated Cache Poisoning via TCP NOTIFY Query
CVSS 7.5
CVE-2025-57850 MEDIUM
CodeReady Workspaces - Privilege Escalation
CVSS 6.4
CVE-2025-61229 HIGH
Shirt Pocket's SuperDuper! <3.10 - Privilege Escalation
CVSS 7.8
CVE-2025-59485 LOW
MaLion <5.3.4 - Privilege Escalation
CVSS 3.3
CVE-2025-54866 MEDIUM
Wazuh 4.3.0-4.12.9 - Incorrect Default Permissions in authd.pass
CVSS 5.5
CVE-2025-58097 HIGH
LogStare Collector < 2.4.2 - Incorrect Default Permissions
CVSS 7.8
CVE-2025-34333 HIGH
AudioCodes Fax Server/IVR <=2.6.23 Privilege Escalation via Webroot Permissions
CVSS 7.8
CVE-2025-34332 HIGH
AudioCodes Fax Server and Auto-Attendant IVR <= 2.6.23 - Privilege Escalation via Writable Service Control Scripts
CVSS 7.8
CVE-2025-54990 MEDIUM
XWiki AdminTools < 1.1 - Unauthenticated Incorrect Default Permissions in AdminTools.SpammedPages
CVSS 5.3
CVE-2025-12792 LOW
Canva < 1.117.1 - Unauthenticated Arbitrary Code Execution via Missing Hardened Runtime
CVSS 3.2
CVE-2025-13193 MEDIUM
Red Hat Enterprise Linux - Information Disclosure via Insecure Snapshot Permissions
CVSS 5.5