
CWE-276 (Incorrect Default Permissions) - Vulnerability Class 448

448 vulnerabilities classified as CWE-276 (Incorrect Default Permissions). AI-generated Chinese analysis included.

CWE-276 represents a critical configuration weakness where software installation processes assign overly permissive access rights to files, often granting read, write, and execute privileges to all users. This flaw typically allows malicious actors to modify or replace critical application binaries, configuration files, or scripts without authentication. By altering these unprotected resources, attackers can inject malicious code, escalate privileges, or compromise system integrity, effectively bypassing security controls that rely on file integrity. To mitigate this risk, developers must adhere to the principle of least privilege during deployment. This involves explicitly setting restrictive permissions, such as read-only access for general users and write access only for administrators. Automated installation scripts should verify and enforce these secure defaults, ensuring that sensitive files remain immutable to unauthorized entities and preserving the overall security posture of the deployed environment.
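As an added example (not part of this catalogue page or any listed product), the following Python script shows the post-install check the paragraph calls for: it walks an install root, reports every file or directory that group or world can write to, and then applies the restrictive defaults (owner writes, everyone else reads). The install layout and file names are constructed samples.

```python
import os
import stat
import tempfile

# Mode bits that let users other than the owner modify a path: the CWE-276 condition.
OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Return sorted [(relative_path, octal_mode)] for every file or directory
    under root that group or world may write to; symlinks are skipped."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & OTHER_WRITE:
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)


def enforce_defaults(root):
    """Apply least-privilege defaults: 0755 for directories and owner-executable
    files, 0644 for everything else, so only the owner keeps write access."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            os.chmod(os.path.join(dirpath, name), 0o755)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not stat.S_ISLNK(os.lstat(path).st_mode):
                executable = os.stat(path).st_mode & stat.S_IXUSR
                os.chmod(path, 0o755 if executable else 0o644)


def build_sample_install():
    """Constructed sample install tree with the sloppy modes an installer might
    leave behind (a 0777 binary and a 0666 config). Returns its root path."""
    root = tempfile.mkdtemp(prefix="cwe276_")
    for sub in ("bin", "etc"):
        os.mkdir(os.path.join(root, sub), 0o755)
    samples = (("bin/agent", 0o777), ("etc/agent.conf", 0o666), ("README", 0o644))
    for rel, mode in samples:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root
```

Running `audit_tree` on the sample tree flags `bin/agent` and `etc/agent.conf`; after `enforce_defaults` the audit returns an empty list, which is the condition an installer should assert before finishing.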

MITRE CWE Description
During installation, installed file permissions are set to allow anyone to modify those files.

Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.

Mitigations (2)
Phase: Architecture and Design, Operation. The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-48959 | Acronis Cyber Protect Cloud Agent Security Vulnerability | Acronis Cyber Protect Cloud Agent | 7.8 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-48950 | MaxKB Python Sandbox Bypass in Function Library | MaxKB | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-46355 | Keiyo System PC Time Tracer Security Vulnerability | PC Time Tracer | 7.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-2502 | Lenovo PC Manager Security Vulnerability | PC Manager | 7.8 | High | 2025-05-30 |
| CVE-2025-4081 | TCC Bypass via Dylib Substitution in DaVinci Resolve | DaVinci Resolve | 7.3 (AI) | High (AI) | 2025-05-29 |
| CVE-2025-32803 | Insecure file permissions can result in confidential information leakage | Kea | 4.0 | Medium | 2025-05-28 |
| CVE-2025-4412 | TCC Bypass via Dylib Loading in Viscosity.app | Viscosity | 5.0 (AI) | Medium (AI) | 2025-05-27 |
| CVE-2025-46803 | Screen creates by default world-writable PTYs | | 5.0 | Medium | 2025-05-26 |
| CVE-2024-13948 | Insecure Permissions | ASPECT-Enterprise | 7.3 | High | 2025-05-22 |
| CVE-2025-43596 | MSP360 Backup (for Windows) insecure filesystem permissions | Backup | 7.8 | High | 2025-05-22 |
| CVE-2025-4280 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app | Poedit | 6.6 (AI) | Medium (AI) | 2025-05-22 |
| CVE-2025-48070 | Plane has insecure permissions in UserSerializer | plane | 3.5 | Low | 2025-05-21 |
| CVE-2025-4660 | Remote Code Execution in Windows Secure Connector/HPS Inspection Engine via Insecure Named Pipe Access | SecureConnector | 9.8 (AI) | Critical (AI) | 2025-05-13 |
| CVE-2023-31359 | AMD Manageability API Security Vulnerability | AIM-T Manageability API | 7.3 | High | 2025-05-13 |
| CVE-2023-31358 | AMD Manageability API Security Vulnerability | AIM-T Manageability API | 7.3 | High | 2025-05-13 |
| CVE-2024-36339 | AMD Optimizing CPU Libraries Security Vulnerability | AMD Optimizing CPU Libraries (AOCL) | 7.3 | High | 2025-05-13 |
| CVE-2024-21960 | AMD Optimizing CPU Libraries Security Vulnerability | AMD Optimizing CPU Libraries (AOCL) | 7.3 | High | 2025-05-13 |
| CVE-2025-3528 | Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry | | 8.2 | High | 2025-05-09 |
| CVE-2025-43595 | MSP360 Backup (for Linux) insecure filesystem permissions | Backup | 7.8 | High | 2025-05-01 |
| CVE-2025-42598 | SEIKO EPSON printer drivers Security Vulnerability | SEIKO EPSON printer drivers for Windows OS | 7.8 | High | 2025-04-28 |
| CVE-2025-24914 | Local Privilege Escalation | Nessus | 7.8 | High | 2025-04-18 |
| CVE-2025-23386 | gerbera: Privilege escalation from user gerbera to root because of insecure %post script | openSUSE Tumbleweed | 7.8 | High | 2025-04-10 |
| CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Microsoft AutoUpdate for Mac | 7.8 | High | 2025-04-08 |
| CVE-2025-0014 | AMD Ryzen AI Security Vulnerability | AMD Ryzen™ AI Software | 7.3 | High | 2025-04-02 |
| CVE-2025-2782 | WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory | Terminal Services Agent | 7.8 | - | 2025-03-28 |
| CVE-2025-2781 | WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory | Mobile VPN with SSL Client | 7.8 | - | 2025-03-28 |
| CVE-2025-27612 | Libcontainer is affected by capabilities elevation | youki | 5.9 | Medium | 2025-03-21 |
| CVE-2025-24915 | Tenable Nessus Agent Security Vulnerability | Nessus Agent | 7.8 | High | 2025-03-21 |
| CVE-2024-0245 | Task Hijacking in hamza417/inure | hamza417/inure | 5.5 | - | 2025-03-20 |
| CVE-2025-27926 | Nintex Automation Security Vulnerability | Automation | 4.3 | Medium | 2025-03-10 |

Scores and severities marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned; "-" means no severity was recorded.

Vulnerabilities classified as CWE-276 (Incorrect Default Permissions) account for 448 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.