CWE-276 缺省权限不正确类漏洞列表 448

CWE-276 缺省权限不正确类弱点 448 条 CVE 漏洞汇总，含 AI 中文分析。

CWE-276 属于权限配置不当类漏洞，指软件在安装过程中将文件权限错误地设置为允许任何用户修改。攻击者通常利用此缺陷，通过篡改关键配置文件或二进制文件植入恶意代码，从而在后续执行中获得未授权访问或提升权限。开发者应避免使用过于宽松的默认权限，遵循最小权限原则，在部署时显式设置严格的访问控制，确保仅授权用户具备读写执行权限，从而从源头消除安全隐患。

MITRE CWE 官方描述

CWE：CWE-276 Incorrect Default Permissions 英文：在安装过程中，已安装文件的权限被设置为允许任何人修改这些文件。

常见影响 (1)

Confidentiality, IntegrityRead Application Data, Modify Application Data

缓解措施 (2)

Architecture and Design, OperationThe architecture needs to access and modification attributes for files to only those users who actually require those actions.

Architecture and DesignCompartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2025-10231	N-central Incorrect Default Permissions could lead to Privilege Escalation — N-central	7.0	High	2025-09-10
CVE-2024-43166	Apache DolphinScheduler 安全漏洞 — Apache DolphinScheduler	9.8^AI	Critical^AI	2025-09-03
CVE-2025-57846	Digital Arts i-FILTER 安全漏洞 — i-フィルター 6.0	7.8	-	2025-08-27
CVE-2025-9190	TCC Bypass via misconfigured Node fuses in Cursor — Cursor	7.3^AI	High^AI	2025-08-26
CVE-2025-53813	TCC Bypass via misconfigured Node fuses in Nozbe — Nozbe	7.3^AI	High^AI	2025-08-26
CVE-2025-53811	TCC Bypass via misconfigured Node fuses in Mosh-Pro — Mosh-Pro	7.3^AI	High^AI	2025-08-26
CVE-2025-8098	Lenovo PC Manager 安全漏洞 — PC Manager	7.8	High	2025-08-18
CVE-2025-8672	TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app — GIMP	6.6^AI	Medium^AI	2025-08-11
CVE-2025-7195	Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd — operator-sdk	6.4	Medium	2025-08-07
CVE-2025-41658	CODESYS Toolkit Exposes Sensitive Files via Default Permissions — Runtime Toolkit	5.5	Medium	2025-08-04
CVE-2025-54530	JetBrains TeamCity 安全漏洞 — TeamCity	7.5	High	2025-07-28
CVE-2025-8069	Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client — Client VPN	7.8	High	2025-07-23
CVE-2025-54059	melange creates SBOM files in APKs with world-writable permissions — melange	4.4	Medium	2025-07-18
CVE-2025-53945	apko has incorrect permission (0666) in /etc/ld.so.cache and other files — apko	7.0	High	2025-07-18
CVE-2025-0886	Lenovo Elliptic Labs Virtual Lock Sensor 安全漏洞 — Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)	7.8	High	2025-07-17
CVE-2024-13972	Sophos Intercept X 安全漏洞 — Sophos Intercept X for Windows Core Agent	8.8	High	2025-07-17
CVE-2025-5199	LPE on Multipass for macOS — Multipass	7.3	High	2025-07-11
CVE-2025-41665	Phoenix Contact: DoS of the PLC due to incorrect default permissions possible — AXC F 1152	6.5	Medium	2025-07-08
CVE-2025-52991	Nix、lix和GNU Guix 安全漏洞 — Nix	3.2	Low	2025-06-27
CVE-2025-52900	File Browser has Insecure File Permissions — filebrowser	5.5	Medium	2025-06-26
CVE-2025-39201	Hitachi MicroSCADA X SYS600 安全漏洞 — MicroSCADA X SYS600	6.1	Medium	2025-06-24
CVE-2025-5963	TCC Bypass via Dylib Injection in Postbox — Postbox	7.8^AI	High^AI	2025-06-20
CVE-2025-5255	TCC Bypass via Dylib Injection in Phoenix Code — Phoenix Code	7.8^AI	High^AI	2025-06-20
CVE-2025-6264	Velociraptor priviledge escalation via UpdateConfig artifact — Velociraptor	5.5	Medium	2025-06-20
CVE-2025-49843	conda-smithy Has Incorrect Default File Permissions — conda-smithy	8.1^AI	High^AI	2025-06-17
CVE-2025-49842	conda-forge-webservices Privilege Escalation Risk via Default Docker Root User — conda-forge-webservices	10.0^AI	Critical^AI	2025-06-17
CVE-2025-36632	Local Privilege Escalation — Agent	7.8	High	2025-06-16
CVE-2025-1699	Motorola MotoSignature 安全漏洞 — g34	2.8	Low	2025-06-11
CVE-2025-40585	Siemens Energy Services 安全漏洞 — Energy Services	9.9	Critical	2025-06-10
CVE-2025-49006	Wasp has case insensitive OAuth ID vulnerability — wasp	8.8^AI	High^AI	2025-06-09

CWE-276（缺省权限不正确）是常见的弱点类别，本平台收录该类弱点关联的 448 条 CVE 漏洞。

目標達成 すべての支援者に感謝 — 100%達成しました！

CWE-276 缺省权限不正确 类漏洞列表 448

目標達成すべての支援者に感謝 — 100%達成しました！

CWE-276 缺省权限不正确类漏洞列表 448