CWE-732
Incorrect Permission Assignment for Critical Resource
High likelihood
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,661 vulnerabilities with CWE-732
CVE-2025-43759
LOW
Liferay Portal 7.4.0-7.4.3.132 and DXP 2024.Q1.1-2024.Q1.14 - Authenticated Tenant Enumeration via Page Addition
CVSS 2.7
CVE-2025-52094
HIGH
PDQ SmartDeploy < 3.0.2046 - Arbitrary Code Execution via Insecure Registry Permissions
CVSS 7.8
CVE-2025-38742
MEDIUM
Dell iDRAC Service Module < 6.0.3.0 - Incorrect Permission Assignment for Critical Resource
CVSS 5.3
CVE-2025-55524
HIGH
Agent-Zero <0.8.* - Privilege Escalation
CVSS 7.3
CVE-2025-27216
HIGH
UISP Application - Privilege Escalation
CVSS 8.8
CVE-2025-1139
MEDIUM
IBM Edge Application Manager 4.5 - Incorrect Permission Assignment for Critical Resource
CVSS 6.1
CVE-2025-8042
CRITICAL
Firefox for Android < 141.0 - Unauthenticated Download Restriction Bypass via Sandboxed Iframe
CVSS 9.8
CVE-2025-5819
MEDIUM
GitLab CE/EE <18.0.6-18.2.2 - Info Disclosure
CVSS 5.0
CVE-2025-50675
HIGH
GPMAW 14 - Incorrect Permission Assignment for Critical Resource in Installation Directory
CVSS 7.8
CVE-2025-54618
MEDIUM
Distributed Clipboard Module - Info Disclosure
CVSS 5.7
CVE-2025-46093
CRITICAL
LiquidFiles < 4.1.2 - Authenticated Remote Code Execution via FTP SITE CHMOD
CVSS 9.9
CVE-2025-41659
HIGH
CODESYS Control for Linux SL < 4.17.0.0 - Unauthenticated Sensitive Data Exposure via PKI Folder Access
CVSS 8.3
CVE-2025-23285
MEDIUM
NVIDIA GPU Display Drivers R535-R570 - Denial of Service via Virtual GPU Manager Resource Access
CVSS 5.5
CVE-2025-45150
CRITICAL
LangChain-ChatGLM-Webui - Unauthenticated Arbitrary File Read via Insecure Permissions
CVSS 9.8
CVE-2025-43266
MEDIUM
macOS <15.6-13.7.7 - Privilege Escalation
CVSS 5.1
CVE-2025-43247
MEDIUM
macOS < Ventura 13.7.7 - Privilege Escalation
CVSS 5.5
CVE-2025-43243
CRITICAL
macOS <15.6-14.7.7 - Info Disclosure
CVSS 9.8
CVE-2025-26469
CRITICAL
MedDream PACS Premium 7.3.3.840 - Unprotected Credential Exposure via Registry Key
CVSS 9.3
CVE-2025-36104
MEDIUM
IBM Storage Scale 5.2.3.0 and 5.2.3.1 - Authenticated Sensitive Information Exposure via SMB Inherited Permissions
CVSS 6.5
CVE-2025-30661
HIGH
Juniper Junos OS Privilege Escalation via Line Card Script Processing
CVSS 7.3
CVE-2025-27446
HIGH
Apache APISIX (java-plugin-runner) - Privilege Escalation
CVSS 7.8
CVE-2025-6297
HIGH
dpkg < 1.22.21 - Denial of Service via Directory Permission Mismanagement
CVSS 8.2
CVE-2025-52992
LOW
Nix/Lix/Guix <2.24.15/2.26.4/2.28.4/2.29.1 - Privilege Escalation
CVSS 3.2
CVE-2025-5995
MEDIUM
Canon EOS Webcam Utility Pro for MAC OS <2.3.29 - Privilege Escalation
CVE-2025-36537
HIGH
TeamViewer <15.67 - Privilege Escalation
CVSS 7.0
Details
Vulnerabilities: 1,661
Exploit Likelihood: High