CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2025-3395 HIGH
ABB Automation Builder <2.8.0 - Info Disclosure
CVSS 7.1
CVE-2025-3394 HIGH
ABB Automation Builder <2.8.0 - Privilege Escalation
CVSS 7.8
CVE-2025-30408 MEDIUM
Acronis Cyber Protect <39904/39938 - Privilege Escalation
CVSS 6.7
CVE-2025-0926 MEDIUM
AXIS Camera Station Pro < 6.8.43213 - Unauthenticated Critical File Deletion via Recording Redirect
CVSS 5.9
CVE-2025-1731 HIGH
Zyxel uOS 1.20-1.31 - Authenticated Privilege Escalation via PostgreSQL Command Injection
CVSS 7.8
CVE-2025-0758 MEDIUM
Hitachi Vantara Pentaho <10.2.0.2 - Info Disclosure
CVSS 6.1
CVE-2025-30708 HIGH
Oracle User Management 12.2.4-12.2.14 - Unauthenticated Unauthorized Data Access via Search and Register Users
CVSS 7.5
CVE-2025-30688 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Denial of Service in Optimizer
CVSS 6.5
CVE-2025-30687 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Denial of Service in Server Optimizer
CVSS 6.5
CVE-2025-30685 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Replication Component
CVSS 4.9
CVE-2025-30684 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Replication
CVSS 4.9
CVE-2025-30683 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Replication Component
CVSS 4.9
CVE-2025-30682 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Denial of Service in Optimizer
CVSS 6.5
CVE-2025-21585 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Server Optimizer
CVSS 4.9
CVE-2025-21584 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Server: DDL
CVSS 4.9
CVE-2025-21583 MEDIUM
MySQL Server 8.4.0 and 9.0.0 - Denial of Service in Server: DDL
CVSS 4.9
CVE-2025-21581 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Optimizer
CVSS 4.9
CVE-2025-21580 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Server: DML
CVSS 4.9
CVE-2025-21579 MEDIUM
MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Denial of Service in Server Options
CVSS 4.9
CVE-2025-21578 MEDIUM
Oracle Secure Backup 12.1.0.1-12.1.0.3, 18.1.0.0-18.1.0.2 - Authenticated Privilege Escalation
CVSS 6.7
CVE-2025-25041 MEDIUM
HPE Aruba Networking VIA - Privilege Escalation
CVSS 5.5
CVE-2025-20233 LOW
Splunk App for Lookup File Editing <4.0.5 - Info Disclosure
CVSS 2.5
CVE-2025-2098 HIGH
Fast CAD Reader - Privilege Escalation
CVE-2025-25373 CRITICAL
NASA cFS Aquila - Remote Code Execution via Memory Management Module Insecure Permissions
CVSS 9.8
CVE-2025-27688 HIGH
Dell ThinOS < 2408 - Elevation of Privileges via Improper Permissions
CVSS 7.8