CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2025-52923 MEDIUM
Sangfor aTrust <2.4.10 - Command Injection
CVSS 4.3
CVE-2025-49131 MEDIUM
FastGPT < 4.9.11 - Sandbox Escape and Arbitrary File Write via Overly Permissive Syscalls
CVSS 6.3
CVE-2025-48961 HIGH
Acronis Cyber Protect <16 - Privilege Escalation
CVSS 7.3
CVE-2025-20298 HIGH
Splunk Universal Forwarder <9.4.2-9.1.9 - Privilege Escalation
CVSS 8.0
CVE-2025-2503 HIGH
Lenovo PCManager < 5.1.110.5082 - Arbitrary File Deletion via Improper Permission Handling
CVSS 7.1
CVE-2025-48747 MEDIUM
Netwrix Directory Manager <11.0.0.0 - 11.1.25134.03 - Privilege Esc...
CVSS 5.0
CVE-2025-48382 MEDIUM
Fess < 14.19.2 - Unauthorized Information Disclosure via Temporary File Permissions
CVSS 5.5
CVE-2025-46802 MEDIUM
SUSE Linux Enterprise Micro 5.3-5.5 and Module for Basesystem 15 SP6 - Unauthenticated PTY Permission Assignment
CVSS 6.0
CVE-2025-40672 HIGH
Panloader v3.24.0.0 - Privilege Escalation
CVE-2025-45472 HIGH
lumigo autodeploy-layer < 1.2.0 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8
CVE-2025-45468 HIGH
devsapp/fc-stable-diffusion < 1.0.18 - Privilege Escalation via Insecure Permissions
CVSS 8.8
CVE-2025-45471 HIGH
lumigo/measure-cold-start < 1.4.1 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8
CVE-2025-32915 MEDIUM
Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42, <= 2.1.0p49 - Incorrect Permission Assignment for Critical Resource
CVSS 5.5
CVE-2025-3944 HIGH
Tridium Niagara <4.14.2-4.15.1-4.10.11 - File Manipulation
CVSS 7.2
CVE-2025-3936 MEDIUM
Tridium Niagara <4.14.2-4.15.1-4.10.11 - Privilege Escalation
CVSS 6.5
CVE-2025-2759 HIGH
GStreamer < 1.25.1 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2025-34025 HIGH
Versa Concerto <12.2.0 - Privilege Escalation
CVE-2025-31262 MEDIUM
iPadOS < 18.3 - Unauthorized File System Modification
CVSS 5.5
CVE-2025-40574 HIGH
SCALANCE LPE9403 < V4.0 HF0 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2025-40572 MEDIUM
SCALANCE LPE9403 < V4.0 HF0 - Unauthorized Information Disclosure via Incorrect Permission Assignment
CVSS 5.5
CVE-2025-24009 MEDIUM
SIRIUS 3RK3 Modular Safety System and Safety Relays 3SK2 - Unauthenticated Sensitive Information Exposure
CVSS 5.9
CVE-2025-42997 MEDIUM
SAP Gateway Client - Info Disclosure
CVSS 6.6
CVE-2025-26169 HIGH
IXON VPN Client <1.4.4 - Privilege Escalation
CVSS 8.1
CVE-2025-26168 HIGH
IXON VPN Client <1.4.4 - Privilege Escalation
CVSS 8.1
CVE-2025-23245 MEDIUM
NVIDIA vGPU Software R535 R550 R570 R575 - Denial of Service via Virtual GPU Manager Resource Access
CVSS 5.5