
CWE-276 (Incorrect Default Permissions) — Vulnerability Class 448

448 vulnerabilities classified as CWE-276 (Incorrect Default Permissions). AI Chinese analysis included.

CWE-276 represents a critical configuration weakness where software installation processes assign overly permissive access rights to files, often granting read, write, and execute privileges to all users. This flaw typically allows malicious actors to modify or replace critical application binaries, configuration files, or scripts without authentication. By altering these unprotected resources, attackers can inject malicious code, escalate privileges, or compromise system integrity, effectively bypassing security controls that rely on file integrity. To mitigate this risk, developers must adhere to the principle of least privilege during deployment. This involves explicitly setting restrictive permissions, such as read-only access for general users and write access only for administrators. Automated installation scripts should verify and enforce these secure defaults, ensuring that sensitive files remain immutable to unauthorized entities and preserving the overall security posture of the deployed environment.

MITRE CWE Description
During installation, installed file permissions are set to allow anyone to modify those files.

Common Consequences (1)
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data

Mitigations (2)
Phase: Architecture and Design, Operation
The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.

Phase: Architecture and Design
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
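The mitigation text above asks installers to verify and enforce least-privilege defaults rather than leave files group- or world-writable. The following Python script is an added example written for this page, not code from MITRE or from any vendor listed below. It assumes a POSIX filesystem (Linux or macOS mode bits), builds a constructed throwaway install tree with the kind of 0777/0666 defaults CWE-276 describes, audits it for anything writable by users other than the owner, and then applies restrictive defaults (0755 for directories and executables, 0644 for other files, 0600 for files the caller marks sensitive). The tree layout, file names and the `sensitive` parameter are illustrative choices.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Mode bits that let users other than the owner modify a file or directory.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Return a sorted list of (relative_path, mode) for every file or
    directory under root that group or world can write to."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        mode = path.lstat().st_mode
        if stat.S_ISLNK(mode):
            continue  # symlink mode bits are meaningless; the target is audited on its own
        if mode & WRITABLE_BY_OTHERS:
            findings.append((path.relative_to(root).as_posix(), stat.S_IMODE(mode)))
    findings.sort()
    return findings


def enforce_defaults(root, sensitive=()):
    """Apply least-privilege defaults below root and return how many
    entries had to be changed. `sensitive` lists relative paths (such as
    config files holding credentials) that should be owner-only."""
    root = Path(root)
    changed = 0
    for path in root.rglob("*"):
        mode = path.lstat().st_mode
        if stat.S_ISLNK(mode):
            continue
        current = stat.S_IMODE(mode)
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            wanted = 0o755          # traversable, writable only by owner
        elif rel in sensitive:
            wanted = 0o600          # owner read/write only
        elif current & stat.S_IXUSR:
            wanted = 0o755          # executable, but not writable by others
        else:
            wanted = 0o644          # readable by all, writable by owner
        if current != wanted:
            os.chmod(path, wanted)
            changed += 1
    return changed


def mode_of(root, rel):
    """Helper for checks: the permission bits of root/rel as an int."""
    return stat.S_IMODE(os.lstat(os.path.join(root, rel)).st_mode)


def build_demo_install():
    """Constructed sample: an install tree whose installer set world-writable
    modes on its binary and config (not any real product's layout)."""
    root = Path(tempfile.mkdtemp(prefix="cwe276-demo-"))
    (root / "bin").mkdir()
    (root / "etc").mkdir()
    (root / "bin" / "service").write_text("#!/bin/sh\necho service\n")
    (root / "etc" / "app.conf").write_text("db_password=example\n")
    (root / "README").write_text("demo\n")
    os.chmod(root / "bin", 0o777)
    os.chmod(root / "etc", 0o777)
    os.chmod(root / "bin" / "service", 0o777)
    os.chmod(root / "etc" / "app.conf", 0o666)
    os.chmod(root / "README", 0o644)
    return str(root)


def cleanup(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    demo = build_demo_install()
    for rel, mode in audit_tree(demo):
        print(f"writable by others: {rel} ({oct(mode)})")
    print("entries fixed:", enforce_defaults(demo, sensitive=("etc/app.conf",)))
    print("remaining findings:", audit_tree(demo))
    cleanup(demo)
```

Running the audit as a post-install step (and again from a periodic integrity job) turns the weakness into something detectable before it is exploited; the enforcement function is what an installer should do up front so that the audit normally finds nothing.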
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-34332 | AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE — AudioCodes Fax/IVR Appliance | 7.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-34333 | AudioCodes Fax/IVR Appliance <= 2.6.23 World-Writable Webroot LPE — AudioCodes Fax/IVR Appliance | 7.8 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-54990 | XWiki AdminTools application doesn't set permissions on the AdminTools space — application-admintools | 5.3 | Medium | 2025-11-18 |
| CVE-2025-12792 | Canva security vulnerability — Canva | 3.2 | Low | 2025-11-18 |
| CVE-2025-13193 | Libvirt: information disclosure via world-readable vm snapshots | 5.5 | Medium | 2025-11-17 |
| CVE-2025-13131 | Sonarr Service Sonarr.Console.exe default permission — Sonarr | 7.8 | High | 2025-11-13 |
| CVE-2025-13130 | Radarr Service Radarr.Console.exe default permission — Radarr | 7.8 | High | 2025-11-13 |
| CVE-2025-8485 | Lenovo App Store security vulnerability — App Store | 7.3 | High | 2025-11-12 |
| CVE-2025-8421 | Lenovo Dock Manager security vulnerability — Dock Manager | 6.6 | Medium | 2025-11-12 |
| CVE-2025-61667 | Datadog Linux Host Agent affected by local privilege escalation due to insufficient pycache permissions — datadog-agent | 7.8 | - | 2025-11-12 |
| CVE-2025-11567 | Schneider Electric PowerChute Serial Shutdown security vulnerability — PowerChute™ Serial Shutdown | 8.4 | - | 2025-11-12 |
| CVE-2025-10918 | Ivanti Endpoint Manager security vulnerability — Endpoint Manager | 7.1 | High | 2025-11-11 |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying script run by the CRON — Infra Monitoring | 8.4 | High | 2025-10-27 |
| CVE-2025-12100 | MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories — BI Connector ODBC driver | 7.8 | High | 2025-10-23 |
| CVE-2025-57848 | Container-native-virtualization: privilege escalation via excessive /etc/passwd permissions — Red Hat OpenShift Virtualization 4 | 6.4 | Medium | 2025-10-23 |
| CVE-2025-23347 | NVIDIA GPU Display Driver security vulnerability — GeForce | 7.8 | High | 2025-10-23 |
| CVE-2025-11575 | MongoDB Atlas SQL ODBC driver installation via MSI may leave ACLs unset on custom installation directories — Atlas SQL ODBC driver | 7.8 | High | 2025-10-23 |
| CVE-2025-58712 | Amq: privilege escalation via excessive /etc/passwd permissions — activemq-artemis | 6.4 | Medium | 2025-10-22 |
| CVE-2025-62661 | Do permission checking when getting counts of global and local edits, new articles and thanks — Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension | 7.5 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-62577 | Fsas Technologies ETERNUS SF security vulnerability — ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11) | 8.8 (AI) | High (AI) | 2025-10-20 |
| CVE-2025-62668 | Insufficient permission checks in action=growthsetmentor — Mediawiki - GrowthExperiments Extension | 7.5 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-35062 | Newforma Info Exchange (NIX) default anonymous access — Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-11535 | MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories — MongoDB Connector for BI | 7.8 (AI) | High (AI) | 2025-10-08 |
| CVE-2025-23297 | NVIDIA App security vulnerability — NVIDIA App | 7.8 | High | 2025-10-01 |
| CVE-2025-57852 | Openshift-ai: privilege escalation via excessive /etc/passwd permissions — Red Hat OpenShift AI 2.16 | 6.4 | Medium | 2025-09-30 |
| CVE-2025-36857 | Rapid7 Appspider Broken Access Control Vulnerability — Appspider Pro | 3.3 | Low | 2025-09-25 |
| CVE-2025-53947 | Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Default Permissions — In-Sight 2000 series | 7.7 | High | 2025-09-18 |
| CVE-2025-55111 | BMC Control-M/Agent insecure default file permissions — Control-M/Agent | 5.5 | Medium | 2025-09-16 |
| CVE-2025-43887 | Dell PowerProtect Data Manager security vulnerability — PowerProtect Data Manager | 7.0 | High | 2025-09-10 |
| CVE-2025-43725 | Dell PowerProtect Data Manager security vulnerability — PowerProtect Data Manager | 7.8 | High | 2025-09-10 |

"(AI)" reproduces the listing's own marker on that score or severity value; "-" means the listing shows no severity.

Vulnerabilities classified as CWE-276 (Incorrect Default Permissions) represent 448 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.