CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2025-27591 MEDIUM
Below < 0.9.0 - Privilege Escalation via World-Writable Log Directory
CVSS 6.8
CVE-2025-22454 HIGH
Ivanti Secure Access Client < 22.7R4 - Authenticated Privilege Escalation via Insufficiently Restrictive Permissions
CVSS 7.8
CVE-2025-1413 HIGH
DaVinci Resolve <19.1.3 - Privilege Escalation
CVE-2025-1067 HIGH
Esri ArcGIS Pro <3.3.3-3.4.1 - Privilege Escalation
CVSS 7.3
CVE-2025-27141 MEDIUM
Metabase Enterprise Edition <1.50.36-1.53.2 - Info Disclosure
CVSS 6.5
CVE-2025-23403 HIGH
SIMATIC IPC DiagBase/monitor - Privilege Escalation
CVSS 7.0
CVE-2025-0064 HIGH
SAP BusinessObjects - Privilege Escalation
CVSS 8.7
CVE-2025-0374 MEDIUM
FreeBSD 14.1-RELEASE < p7, 14.2-RELEASE < p1, 13.4-RELEASE < p3 - User Data Exposure via etcupdate
CVSS 6.5
CVE-2025-24527 HIGH
Akamai EAA <2025-01-17 - Privilege Escalation
CVSS 8.0
CVE-2025-24481 HIGH
Product Version - Unauthenticated Access
CVE-2025-21571 HIGH
Oracle VM VirtualBox < 7.0.24 - Authenticated Unauthorized Data Access and Partial Denial of Service
CVSS 7.3
CVE-2025-21566 MEDIUM
MySQL Server < 9.1.0 - Denial of Service in Server Optimizer
CVSS 6.5
CVE-2025-21564 HIGH
Oracle Agile PLM Framework 9.3.6 - Unauthorized Data Access and Denial of Service via Agile Integration Services
CVSS 8.1
CVE-2025-21551 MEDIUM
Oracle Solaris 11 - Unauthorized Data Modification and Denial of Service via File System
CVSS 6.0
CVE-2025-21523 MEDIUM
MySQL Server < 8.0.40, <= 8.4.3, 9.1.0 - Authenticated Denial of Service in InnoDB
CVSS 4.9
CVE-2025-21520 LOW
Oracle MySQL Server 8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior - Unauthorized Read Access via Server Options
CVSS 1.8
CVE-2025-0590 HIGH
com.transsion.carlcare - Info Disclosure
CVSS 7.5
CVE-2025-21325 HIGH
Windows 10 21H2/22H2, Windows 11 22H2/23H2/24H2, Windows Server 2025 - Elevation of Privilege via Secure Kernel Mode
CVSS 7.8
CVE-2025-0066 CRITICAL
SAP NetWeaver AS ABAP and ABAP Platform - Unauthorized Information Disclosure via Weak Access Controls
CVSS 9.9
CVE-2024-46062 HIGH
Miniconda3 < 23.11.0-1 - Local Privilege Escalation via World-Writable Installer Files
CVSS 7.8
CVE-2024-46060 HIGH
Anaconda3 < 2024.06-1 - Local Privilege Escalation via World-Writable Installer Files
CVSS 7.8
CVE-2024-32014 MEDIUM
Spectrum Power 4 <V4.70 SP12 Update 2 - Privilege Escalation
CVSS 4.7
CVE-2024-32010 HIGH
Spectrum Power 4 <V4.70 SP12 Update 2 - Info Disclosure
CVSS 7.8
CVE-2024-11584 MEDIUM
cloud-init <25.1.2 - Privilege Escalation
CVSS 5.9
CVE-2024-45655 MEDIUM
IBM Application Gateway 19.12-24.09 - Incorrect Permission Assignment for Critical Resource
CVSS 5.5