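CWE-280 Improper Handling of Insufficient Permissions or Privileges: vulnerability list (122)

A summary of the 122 CVE vulnerabilities classified under the weakness CWE-280 Improper Handling of Insufficient Permissions or Privileges, with AI analysis in Chinese.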

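CWE-280 is a permission-handling flaw: the program does not respond correctly when it lacks sufficient permissions, so it enters an unexpected code path and may end up in an abnormal state. Attackers commonly craft low-privilege requests or tamper with identity credentials to trigger logic errors in the program, gaining unauthorized access or causing service disruption. Developers should implement strict permission checks, make sure a secure default-deny policy is applied when permissions are insufficient, and log these events for auditing, to prevent the security risks that follow from faulty permission decisions.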

MITRE CWE official description
CWE: CWE-280 Improper Handling of Insufficient Permissions or Privileges. When the product cannot access a resource or functionality because of insufficient permissions, it fails to handle the situation or handles it incorrectly. This may cause it to follow unintended code paths, leaving the product in an invalid state.
Common consequences (1)
Other: Other, Alter Execution Logic
Mitigations (2)
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Implementation: Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can …
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-62509 | FileRise access control error vulnerability — FileRise | 8.1 | High | 2025-10-20 |
| CVE-2025-62176 | Mastodon security vulnerability — mastodon | 4.3 | Medium | 2025-10-13 |
| CVE-2025-45376 | Dell Repository Manager security vulnerability — Dell Repository Manager (DRM) | 7.5 | High | 2025-09-29 |
| CVE-2025-58457 | Apache ZooKeeper security vulnerability — Apache ZooKeeper | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-59040 | Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition security vulnerability — tuleap | 4.3 | Medium | 2025-09-18 |
| CVE-2025-50170 | Microsoft Windows Cloud Files Mini Filter Driver security vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-08-12 |
| CVE-2025-6573 | Imagination Graphics DDK security vulnerability — Graphics DDK | 5.5 | - | 2025-08-08 |
| CVE-2025-8109 | Imagination Graphics DDK security vulnerability — Graphics DDK | 7.1 (AI) | High (AI) | 2025-08-04 |
| CVE-2025-49731 | Microsoft Teams security vulnerability — Microsoft Teams for Android | 3.1 | Low | 2025-07-08 |
| CVE-2025-27025 | Infinera G42 security vulnerability — G42 | 8.8 | High | 2025-07-02 |
| CVE-2025-27024 | Infinera G42 security vulnerability — G42 | 6.5 | Medium | 2025-07-02 |
| CVE-2025-46708 | Imagination GPU Driver security vulnerability — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-06-27 |
| CVE-2025-22256 | Fortinet FortiPAM security vulnerability — FortiPAM | 6.0 | Medium | 2025-06-10 |
| CVE-2025-25179 | Imagination GPU Driver security vulnerability — Graphics DDK | 7.8 (AI) | High (AI) | 2025-06-02 |
| CVE-2025-3931 | Yggdrasil security vulnerability | 7.8 | High | 2025-05-14 |
| CVE-2025-29826 | Microsoft Dataverse security vulnerability — Microsoft Dataverse | 7.3 | High | 2025-05-13 |
| CVE-2025-46740 | Schweitzer Engineering Laboratories multiple products security vulnerability — SEL Blueframe OS | 7.5 | High | 2025-05-12 |
| CVE-2025-46584 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.8 | High | 2025-05-06 |
| CVE-2025-31173 | Huawei HarmonyOS security vulnerability — HarmonyOS | 8.8 | High | 2025-04-07 |
| CVE-2025-31172 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.8 | High | 2025-04-07 |
| CVE-2025-0468 | Imagination GPU Driver security vulnerability — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-04-04 |
| CVE-2024-55604 | Appsmith security vulnerability — appsmith | 6.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2024-8315 | B&R Industrial Automation B&R APROL security vulnerability — B&R APROL | 5.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2025-0478 | Imagination GPU Driver security vulnerability — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-03-24 |
| CVE-2024-51459 | IBM InfoSphere Information Server security vulnerability — InfoSphere Information Server | 8.4 | High | 2025-03-19 |
| CVE-2025-27521 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.8 | Medium | 2025-03-04 |
| CVE-2025-20649 | MediaTek Chipsets security vulnerability — MT6880, MT6890, MT6980, MT6990, MT7663, MT7902, MT7925, MT7927, MT7961 | 6.5 | - | 2025-03-03 |
| CVE-2024-6697 | Hitachi Vantara Pentaho Business Analytics Server security vulnerability — Pentaho Data Integration & Analytics | 6.5 | Medium | 2025-02-19 |
| CVE-2025-22129 | Enalean Tuleap security vulnerability — tuleap | 4.3 | Medium | 2025-02-03 |
| CVE-2025-24029 | Enalean Tuleap security vulnerability — tuleap | 5.3 | Medium | 2025-02-03 |

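CWE-280 (Improper Handling of Insufficient Permissions or Privileges) is a common weakness category; this platform lists 122 CVE vulnerabilities associated with it.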