CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2025-61969 HIGH
AMD Prof >=5.2.431 - Privilege Escalation via Incorrect Permission Assignment
CVE-2025-35999 MEDIUM
Intel(R) Server Boards and Intel(R) Server Systems <16.0.12 - Privi...
CVSS 6.7
CVE-2025-14740 MEDIUM
Docker Desktop for Windows - Privilege Escalation
CVSS 6.7
CVE-2025-52627 MEDIUM
HCL AION 2.0 - Incorrect Permission Assignment for Critical Resource
CVSS 5.5
CVE-2025-14988 CRITICAL
ibaPDA >=8.12.0 <8.12.0 - Unauthorized File System Access
CVE-2025-12985 HIGH
IBM Licensing Operator - Privilege Escalation
CVSS 8.4
CVE-2025-59961 MEDIUM
Juniper Junos OS and Junos OS Evolved - Incorrect Permission Assignment for Critical Resource in jdhcpd Unix Socket
CVSS 5.5
CVE-2025-67246 HIGH
Ludashi Driver < 5.1025 - Unauthenticated Local Information Disclosure via IOCTL Handler
CVSS 7.3
CVE-2025-69426 CRITICAL
Ruckus vRIoT IoT Controller <3.0.0.0 - Privilege Escalation
CVE-2025-14979 HIGH
AirVPN Eddie <2.24.6 - Privilege Escalation
CVSS 7.8
CVE-2025-64699 HIGH
SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22) - Incorrect NULL DACL in regService Device Object
CVSS 7.8
CVE-2025-66723 HIGH
inMusic Brands Engine DJ <4.3.4 - Info Disclosure
CVSS 7.5
CVE-2025-13703 HIGH
VIPRE Advanced Security - Privilege Escalation
CVSS 7.8
CVE-2025-13941 HIGH
Foxit PDF Editor <13.2.1.23955 & PDF Reader <2025.2.1.33197 - Local Privilege Escalation
CVSS 8.8
CVE-2025-68462 LOW
Freedombox <25.17.1 - Info Disclosure
CVSS 3.2
CVE-2025-67794 MEDIUM
DriveLock 24.1-24.1.*, <24.2.8, <25.1.6 - Incorrect Permission Assignment for Critical Resource
CVSS 6.1
CVE-2025-34288 MEDIUM
Nagios XI < 2026R1.1 - Local Privilege Escalation via Sudo and Writable PHP Include
CVSS 6.7
CVE-2025-43470 MEDIUM
macOS Tahoe <26.1 - Info Disclosure
CVSS 5.5
CVE-2025-13733 HIGH
BuhoNTFS 1.3.2 - Local Privilege Escalation via Insecure XPC Service
CVSS 7.8
CVE-2025-40818 LOW
SINEMA Remote Connect Server < V3.2 SP4 - Authenticated Private Key Exposure via Improper Permission Assignment
CVSS 3.3
CVE-2025-8148 MEDIUM
Fortra GoAnywhere MFT < 7.9.0 - Improper Access Control in SFTP Service
CVSS 4.2
CVE-2025-20387 HIGH
Splunk Universal Forwarder for Windows < 9.2.10 - Incorrect Permission Assignment for Critical Resource
CVSS 8.0
CVE-2025-20386 HIGH
Splunk Enterprise <10.0.2-9.4.6-9.3.8-9.2.10 - Info Disclosure
CVSS 8.0
CVE-2025-64642 HIGH
mirion biodose/nmis < 23.0 - Insecure File Permissions in Installation Directory
CVSS 8.0
CVE-2025-64298 HIGH
mirion biodose/nmis < 23.0 - Unprotected Sensitive Data Exposure via Insecure Directory Permissions
CVSS 8.4
Details
Vulnerabilities 1,661
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits