CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2025-62575 HIGH
Mirion BioDose/NMIS < 23.0 - Remote Code Execution via SQL Server sysadmin Role
CVSS 8.3
CVE-2025-59373 HIGH
ASUS System Control Interface - Privilege Escalation
CVE-2025-11921 HIGH
iStats 7.10.4 - Local Privilege Escalation via Insecure XPC Service
CVE-2025-64324 HIGH
KubeVirt < 1.6.1 - Arbitrary File Read and Write via hostDisk DiskOrCreate Option
CVSS 7.7
CVE-2025-64996 MEDIUM
Checkmk < 2.4.0p16, < 2.3.0p41, <= 2.2.0 - Incorrect Permission Assignment for Critical Resource in mk_inotify Plugin
CVSS 4.4
CVE-2025-34323 HIGH
Nagios Log Server < 2026R1.0.1 - Local Privilege Escalation via Sudo Misconfiguration and Group-Writable Scripts
CVSS 7.8
CVE-2025-8108 MEDIUM
AXIS OS 12.0.0-12.7.33 - Privilege Escalation via ACAP Configuration File
CVSS 6.7
CVE-2025-6779 MEDIUM
AXIS OS 12.0.0-12.6.39 - Privilege Escalation via ACAP Configuration File
CVSS 6.7
CVE-2025-64322 MEDIUM
Salesforce Agentforce Vibes < 3.3.0 - Incorrect Permission Assignment for Critical Resource
CVSS 5.3
CVE-2025-64319 MEDIUM
MuleSoft Anypoint Code Builder < 1.12.1 - Incorrect Permission Assignment for Critical Resource
CVSS 5.3
CVE-2025-4952 MEDIUM
ESET NOD32 Antivirus >=1496 - Unauthorized Registry Modification
CVE-2025-34287 HIGH
Nagios XI < 2024R2 - Local Privilege Escalation via Improperly Owned process_perfdata.pl Script
CVSS 7.8
CVE-2025-34135 MEDIUM
Nagios XI < 2024R1.4.2 - Overly Permissive Systemd Unit File Permissions
CVSS 4.4
CVE-2025-11906 MEDIUM
Progress Flowmon <12.5.6 - Privilege Escalation
CVSS 6.7
CVE-2025-54546 HIGH
SSH Port Forwarding - Privilege Escalation
CVSS 7.5
CVE-2025-54545 HIGH
Platform <version> - Privilege Escalation
CVSS 7.8
CVE-2025-12148 MEDIUM
Search Guard <3.1.1 - Info Disclosure
CVE-2025-12147 MEDIUM
Search Guard FLX <3.1.1 - Info Disclosure
CVE-2025-62688 HIGH
Productivity Suite <4.4.1.19 - Privilege Escalation
CVSS 7.1
CVE-2025-12004 CRITICAL
MediaWiki - Lockdown Extension <1.42 - Privilege Escalation
CVE-2025-31702 MEDIUM
Dahua embedded products - Privilege Escalation
CVSS 6.8
CVE-2025-57741 HIGH
FortiClientMac 7.0.0-7.4.3 - Incorrect Permission Assignment for Critical Resource via LaunchDaemon Hijacking
CVSS 7.8
CVE-2025-62251 MEDIUM
Liferay Portal 7.3.0-7.4.3.119 & DXP < 2023.Q3.9/2023.Q4.6/7.4 GA-92/7.3 GA-36 - Unauthorized Information Disclosure
CVSS 6.5
CVE-2025-8886 MEDIUM
Usta Information Systems Inc. Aybs Interaktif - Privilege Escalation
CVSS 6.7
CVE-2025-10751 HIGH
MacForge 1.2.0 Beta 1 - Unauthenticated Privilege Escalation via Insecure XPC Service
CVSS 7.8