CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2025-61035 HIGH
seffaflik <= 0.0.9 - Symlink Attack and Arbitrary File Overwrite via .kimlik File
CVSS 7.7
CVE-2025-62661 MEDIUM
Mediawiki <1.44 - Privilege Escalation
CVE-2025-62577 HIGH
ETERNUS SF AdvancedCopy Manager Standard Edition and Storage Cruiser - Incorrect Default Permissions
CVSS 8.8
CVE-2025-62668 MEDIUM
Mediawiki - GrowthExperiments Extension <1.39 - Info Disclosure
CVE-2025-35062 MEDIUM
Newforma Project Center < 2023.1 - Unauthenticated Incorrect Default Permissions
CVSS 5.3
CVE-2025-11535 HIGH
MongoDB Connector for BI <2.14.24 - Privilege Escalation
CVE-2025-54086 LOW
Absolute Secure Access < 14.10 - Unauthenticated Sensitive Data Exposure via Warehouse Java Keystore
CVSS 3.3
CVE-2025-23297 HIGH
NVIDIA Installer for NvAPP for Windows - Privilege Escalation
CVSS 7.8
CVE-2025-57852 MEDIUM
KServe ModelMesh - Privilege Escalation
CVSS 6.4
CVE-2025-36857 LOW
Rapid7 Appspider Pro < 7.5.021 - Broken Access Control via Configuration File Override
CVSS 3.3
CVE-2025-34191 HIGH
Vasion Print Virtual Appliance Host < 22.0.843 & Application < 20.0.1923 - Arbitrary File Write
CVSS 8.4
CVE-2025-53947 HIGH
Software <unknown> - Info Disclosure
CVSS 7.7
CVE-2025-57625 HIGH
CYRISMA Sensor <444 - Privilege Escalation
CVSS 8.8
CVE-2025-55111 MEDIUM
Control-M/Agent <9.0.20 - Info Disclosure
CVSS 5.5
CVE-2025-43887 HIGH
Dell PowerProtect Data Manager 19.19-19.20 - Incorrect Default Permissions
CVSS 7.0
CVE-2025-43725 HIGH
Dell PowerProtect Data Manager 19.19-19.20 - Incorrect Default Permissions
CVSS 7.8
CVE-2025-10231 HIGH
n-able n-central < 2025.3 - Privilege Escalation via Incorrect File Handling Permissions
CVSS 7.0
CVE-2025-22425 MEDIUM
Android - Local Privilege Escalation via InstallStart Input Validation Bypass
CVSS 5.1
CVE-2025-57846 HIGH
i- - Incorrect Default Permissions
CVSS 7.8
CVE-2025-9190 MEDIUM
Cursor macOS RunAsNode - Local TCC Permission Code Execution
CVE-2025-53813 MEDIUM
Nozbe < 2025.11 - Local Privilege Escalation via TCC Permission Inheritance
CVE-2025-53811 MEDIUM
Mosh-Pro 1.3.2 - Local Privilege Escalation via TCC Permission Inheritance
CVE-2025-8098 HIGH
Lenovo PC Manager < 5.1.120.7041 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2025-27559 MEDIUM
AI Playground <v2.3.0 alpha - Privilege Escalation
CVSS 6.7
CVE-2025-26470 MEDIUM
Intel(R) Distribution for Python <2025.1.0 - Privilege Escalation
CVSS 6.7
Details
Vulnerabilities 1,510
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits