
CWE-276 (Incorrect Default Permissions) — Vulnerability Class 448

448 vulnerabilities classified as CWE-276 (Incorrect Default Permissions). AI Chinese analysis included.

CWE-276 represents a critical configuration weakness where software installation processes assign overly permissive access rights to files, often granting read, write, and execute privileges to all users. This flaw typically allows malicious actors to modify or replace critical application binaries, configuration files, or scripts without authentication. By altering these unprotected resources, attackers can inject malicious code, escalate privileges, or compromise system integrity, effectively bypassing security controls that rely on file integrity. To mitigate this risk, developers must adhere to the principle of least privilege during deployment. This involves explicitly setting restrictive permissions, such as read-only access for general users and write access only for administrators. Automated installation scripts should verify and enforce these secure defaults, ensuring that sensitive files remain immutable to unauthorized entities and preserving the overall security posture of the deployed environment.

MITRE CWE Description
During installation, installed file permissions are set to allow anyone to modify those files.
Common Consequences (1)
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data

Mitigations (2)
Phase: Architecture and Design, Operation
The architecture needs to limit access and modification attributes for files to only those users who actually require those actions.

Phase: Architecture and Design
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
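The mitigation above is usually enforced in two places: once when the installer creates each file, and again as an audit step that fails the build or deployment if anything under the install tree is writable by users other than the owner. The following script is an added example written for this page, not code from MITRE or from any product in the table; it assumes a POSIX system (os.fchmod and symbolic mode bits) and an assumed policy that only the file owner, typically the installing administrator, may write. The sample install tree it builds is constructed for the demonstration.

```python
import os
import stat
import tempfile

# Mode bits an installed application file or directory should never carry
# under the assumed policy "only the owner may write".
GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Walk root without following symlinks and return a sorted list of
    (path, mode) for every file or directory writable by group or others.
    Symlinks are skipped so a link pointing outside the tree cannot make
    the auditor report (or later chmod) a file that is not part of the install."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & GROUP_OR_WORLD_WRITE:
                findings.append((path, mode))
    return sorted(findings)


def hardened_mode(mode):
    """Least-privilege mode for an installed entry: drop group/other write,
    keep read and execute bits so the program still runs, and leave
    setuid/setgid/sticky bits untouched so the fix never changes semantics."""
    return mode & ~GROUP_OR_WORLD_WRITE


def enforce_tree(root, dry_run=True):
    """Tighten every finding from audit_tree; returns (path, old, new) tuples.
    Run with dry_run=True in CI so packaging fails loudly instead of silently
    patching modes on a production host."""
    changes = []
    for path, old in audit_tree(root):
        new = hardened_mode(old)
        if not dry_run:
            os.chmod(path, new)
        changes.append((path, old, new))
    return changes


def install_file(data, dest, mode=0o644):
    """Create dest with the intended mode from the first instant it exists.
    O_EXCL refuses to reuse a pre-existing file at that path, and fchmod
    overrides whatever umask the installer process inherited. Returns the
    mode actually on disk."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.lstat(dest).st_mode)


def make_sample_install(root=None):
    """Constructed sample install tree (not from any real product): one
    world-writable config, one 0777 plugin directory, one correctly set binary."""
    root = root or tempfile.mkdtemp(prefix="cwe276-demo-")
    plugins = os.path.join(root, "plugins")
    os.mkdir(plugins)
    os.chmod(plugins, 0o777)            # the CWE-276 mistake on a directory
    cfg = os.path.join(root, "app.conf")
    with open(cfg, "w") as f:
        f.write("debug=false\n")
    os.chmod(cfg, 0o666)                # the CWE-276 mistake on a config file
    binpath = os.path.join(root, "app")
    with open(binpath, "w") as f:
        f.write("#!/bin/sh\necho running\n")
    os.chmod(binpath, 0o755)            # correct: executable, owner-writable only
    return root


if __name__ == "__main__":
    root = make_sample_install()
    for path, mode in audit_tree(root):
        print("writable by non-owner: %s (%o)" % (path, mode))
    for path, old, new in enforce_tree(root, dry_run=False):
        print("fixed %s: %o -> %o" % (path, old, new))
    print("remaining findings:", audit_tree(root))
```

The audit and the installer helper are deliberately separate: `install_file` prevents the weakness from being introduced (the mode is set before any other process can observe the file, and umask cannot widen it), while `audit_tree` catches files created by other tooling, post-install scripts or a packaging step that copied modes from a developer's checkout. Directories with the sticky bit, such as a shared `/tmp`, are not part of an application's install tree and would need an explicit exception if this audit were pointed at a whole filesystem.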
CVE ID | Title — Product | CVSS | Severity | Published
CVE-2025-10231 | N-central Incorrect Default Permissions could lead to Privilege Escalation — N-central | 7.0 | High | 2025-09-10
CVE-2024-43166 | Apache DolphinScheduler security vulnerability — Apache DolphinScheduler | 9.8 (AI) | Critical (AI) | 2025-09-03
CVE-2025-57846 | Digital Arts i-FILTER security vulnerability — i-フィルター 6.0 | 7.8 | - | 2025-08-27
CVE-2025-9190 | TCC Bypass via misconfigured Node fuses in Cursor — Cursor | 7.3 (AI) | High (AI) | 2025-08-26
CVE-2025-53813 | TCC Bypass via misconfigured Node fuses in Nozbe — Nozbe | 7.3 (AI) | High (AI) | 2025-08-26
CVE-2025-53811 | TCC Bypass via misconfigured Node fuses in Mosh-Pro — Mosh-Pro | 7.3 (AI) | High (AI) | 2025-08-26
CVE-2025-8098 | Lenovo PC Manager security vulnerability — PC Manager | 7.8 | High | 2025-08-18
CVE-2025-8672 | TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app — GIMP | 6.6 (AI) | Medium (AI) | 2025-08-11
CVE-2025-7195 | Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd — operator-sdk | 6.4 | Medium | 2025-08-07
CVE-2025-41658 | CODESYS Toolkit Exposes Sensitive Files via Default Permissions — Runtime Toolkit | 5.5 | Medium | 2025-08-04
CVE-2025-54530 | JetBrains TeamCity security vulnerability — TeamCity | 7.5 | High | 2025-07-28
CVE-2025-8069 | Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client — Client VPN | 7.8 | High | 2025-07-23
CVE-2025-54059 | melange creates SBOM files in APKs with world-writable permissions — melange | 4.4 | Medium | 2025-07-18
CVE-2025-53945 | apko has incorrect permission (0666) in /etc/ld.so.cache and other files — apko | 7.0 | High | 2025-07-18
CVE-2025-0886 | Lenovo Elliptic Labs Virtual Lock Sensor security vulnerability — Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW) | 7.8 | High | 2025-07-17
CVE-2024-13972 | Sophos Intercept X security vulnerability — Sophos Intercept X for Windows Core Agent | 8.8 | High | 2025-07-17
CVE-2025-5199 | LPE on Multipass for macOS — Multipass | 7.3 | High | 2025-07-11
CVE-2025-41665 | Phoenix Contact: DoS of the PLC due to incorrect default permissions possible — AXC F 1152 | 6.5 | Medium | 2025-07-08
CVE-2025-52991 | Nix, lix and GNU Guix security vulnerability — Nix | 3.2 | Low | 2025-06-27
CVE-2025-52900 | File Browser has Insecure File Permissions — filebrowser | 5.5 | Medium | 2025-06-26
CVE-2025-39201 | Hitachi MicroSCADA X SYS600 security vulnerability — MicroSCADA X SYS600 | 6.1 | Medium | 2025-06-24
CVE-2025-5963 | TCC Bypass via Dylib Injection in Postbox — Postbox | 7.8 (AI) | High (AI) | 2025-06-20
CVE-2025-5255 | TCC Bypass via Dylib Injection in Phoenix Code — Phoenix Code | 7.8 (AI) | High (AI) | 2025-06-20
CVE-2025-6264 | Velociraptor privilege escalation via UpdateConfig artifact — Velociraptor | 5.5 | Medium | 2025-06-20
CVE-2025-49843 | conda-smithy Has Incorrect Default File Permissions — conda-smithy | 8.1 (AI) | High (AI) | 2025-06-17
CVE-2025-49842 | conda-forge-webservices Privilege Escalation Risk via Default Docker Root User — conda-forge-webservices | 10.0 (AI) | Critical (AI) | 2025-06-17
CVE-2025-36632 | Local Privilege Escalation — Agent | 7.8 | High | 2025-06-16
CVE-2025-1699 | Motorola MotoSignature security vulnerability — g34 | 2.8 | Low | 2025-06-11
CVE-2025-40585 | Siemens Energy Services security vulnerability — Energy Services | 9.9 | Critical | 2025-06-10
CVE-2025-49006 | Wasp has case insensitive OAuth ID vulnerability — wasp | 8.8 (AI) | High (AI) | 2025-06-09

Vulnerabilities classified as CWE-276 (Incorrect Default Permissions) represent 448 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.