CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,510 vulnerabilities with CWE-276
CVE-2025-5963 MEDIUM
Postbox >=7.0.65 <7.0.65 - Dylib Injection via Environment Variable Manipulation
CVE-2025-5255 MEDIUM
Phoenix Code < 4.0.3 - Dylib Injection via Environment Variable Manipulation
CVE-2025-6264 MEDIUM
Velociraptor < 0.7.4.3 - Authenticated Remote Code Execution via Admin.Client.UpdateClientConfig Artifact
CVSS 5.5
CVE-2025-49843 LOW
conda-smithy <3.47.1 - Privilege Escalation
CVE-2025-49842 LOW
conda-forge-webservices <2025.3.24 - Privilege Escalation
CVE-2025-6179 CRITICAL
Google ChromeOS 16181.27.0 - Permissions Bypass in Extension Management
CVSS 9.8
CVE-2025-36632 HIGH
Tenable Nessus Agent < 10.8.5 - Privilege Escalation via Incorrect Default Permissions
CVSS 7.8
CVE-2025-1699 LOW
Motorola g34, g34t, g45 5G < 2025-06-01 - Unauthorized Access via MotoSignature Default Permissions
CVSS 2.8
CVE-2025-40585 CRITICAL
Energy Services - All versions with G5DFR - Privilege Escalation
CVSS 9.9
CVE-2025-49006 HIGH
Wasp <0.16.6 - Privilege Escalation
CVE-2025-48959 MEDIUM
Acronis Cyber Protect Cloud Agent <40077 - Privilege Escalation
CVSS 6.7
CVE-2025-20984 MEDIUM
Samsung Wear OS - Unauthenticated Data Exposure via Incorrect Default Permissions
CVSS 6.8
CVE-2025-48950 HIGH
MaxKB <1.10.8-lts - Privilege Escalation
CVSS 8.8
CVE-2025-46355 HIGH
PC Time Tracer < 5.2 - Authenticated Arbitrary Code Execution via Incorrect Default Permissions
CVSS 7.3
CVE-2025-23105 HIGH
Samsung Exynos 2200, 1480, and 2400 Firmware - Use-After-Free
CVSS 7.8
CVE-2025-2502 HIGH
Lenovo PCManager < 5.1.110.5082 - Privilege Escalation via Improper Default Permissions
CVSS 7.8
CVE-2025-31261 MEDIUM
macOS < 13.7.5, < 14.7.5, < 15.4 - Unprotected User Data Exposure via Permissions Issue
CVSS 5.5
CVE-2025-4081 MEDIUM
Blackmagic Design DaVinci Resolve - Local Privilege Escalation via Dynamic Library Substitution
CVE-2025-32803 MEDIUM
Kea <2.4.1, <2.6.2, <2.7.8 - Info Disclosure
CVSS 4.0
CVE-2025-4412 MEDIUM
Viscosity < 1.11.4 - Incorrect Default Permissions via Launch Agent
CVE-2025-46803 MEDIUM
Screen - Incorrect Default Permissions in Pseudo Terminals
CVSS 5.0
CVE-2025-43596 HIGH
MSP360 Backup 8.0 - Privilege Escalation via Insecure File System Permissions
CVSS 7.8
CVE-2025-4280 MEDIUM
Poedit 2.0-3.6.2 - Unauthenticated Local Privilege Escalation via Python Interpreter TCC Permission Inheritance
CVE-2025-48070 LOW
Plane < 0.23.0 - Insecure Permissions in UserSerializer
CVSS 3.5
CVE-2025-20095 MEDIUM
Intel RealSense SDK <2.56.2 - Privilege Escalation
CVSS 6.7