
CWE-378 (Creation of Temporary File With Insecure Permissions) — Vulnerability Class 34

34 vulnerabilities classified as CWE-378 (Creation of Temporary File With Insecure Permissions). AI Chinese analysis included.

CWE-378 represents a critical security flaw where applications create temporary files with overly permissive access controls, leaving them vulnerable to unauthorized modification or reading. Attackers typically exploit this weakness by predicting the temporary file’s location and name, then creating a malicious file with the same path before the legitimate application does. This allows the attacker to inject harmful content or intercept sensitive data, potentially leading to privilege escalation or data leakage. To mitigate this risk, developers must enforce strict file permissions, such as setting read-write access for the owner only, immediately after file creation. Additionally, utilizing secure system calls that atomically create and secure files, or employing unique, unpredictable filenames, ensures that temporary files remain isolated and protected from pre-emption attacks, thereby maintaining data integrity and confidentiality throughout the application’s lifecycle.

MITRE CWE Description
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Common Consequences (3)
Confidentiality: Read Application Data
If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.
Authorization, Other: Other
If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.
Integrity, Other: Other
Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.

Mitigations (3)
Requirements: Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Implementation: Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
Implementation: Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
Examples (1)
In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.
    FILE *stream;
    if( (stream = tmpfile()) == NULL ) {
        perror("Could not open new temporary file\n");
        return (-1);
    }
    // write data to tmp file
    ...
    // remove tmp file
    rmtmp();

Bad · C

    try {
        File temp = File.createTempFile("pattern", ".suffix");
        temp.deleteOnExit();
        BufferedWriter out = new BufferedWriter(new FileWriter(temp));
        out.write("aString");
        out.close();
    } catch (IOException e) {
    }

Bad · Java
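The page's examples show only the weak form. The following added example (not from MITRE or any product listed here) puts the predictable-name, umask-dependent pattern beside the hardened form the Mitigations section calls for: an unpredictable name created atomically with mkstemp(), owner-only permissions pinned with fchmod(), and the resulting mode verified with fstat(). The /tmp paths and file contents are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (constructed demo path, not a real product): a predictable name
 * under /tmp opened with fopen(), so the mode is 0666 masked only by the process
 * umask. With the common default of 022 the file ends up world-readable. */
int insecure_temp_perms(void) {
    const char *path = "/tmp/cwe378_demo_insecure.tmp";
    struct stat st;
    umask(022);
    unlink(path);
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs("session data\n", f);
    fclose(f);
    int mode = (stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    return mode;                              /* 0644: group and others can read it */
}

/* Hardened form: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL, so a file or symlink pre-placed at a guessed path makes the
 * call fail instead of being followed. fchmod() pins owner-only access whatever
 * the umask is, and fstat() on the descriptor verifies the mode we actually got. */
int secure_temp_perms(void) {
    char tmpl[] = "/tmp/cwe378_demo_XXXXXX";  /* mkstemp replaces the Xs */
    struct stat st;
    umask(022);                               /* same umask, different outcome */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int ok = fchmod(fd, S_IRUSR | S_IWUSR) == 0 && fstat(fd, &st) == 0 &&
             write(fd, "session data\n", 13) == 13;
    close(fd);
    unlink(tmpl);                             /* remove when done, as the page's examples do */
    return ok ? (int)(st.st_mode & 0777) : -1; /* 0600: owner only */
}
```

Checking the mode on the open descriptor rather than on the path is what closes the window: a stat() on the name could be answered by a file an attacker swapped in after creation.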
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-33572 | OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files | OpenClaw | 8.4 | High | 2026-03-29
CVE-2026-4822 | Enter Software Iperius Backup Backup Service temp file | Iperius Backup | 7.0 | High | 2026-03-25
CVE-2025-46685 | Dell SupportAssist OS Recovery security vulnerability | SupportAssist OS Recovery | 7.5 | High | 2026-01-13
CVE-2025-46684 | Dell SupportAssist OS Recovery security vulnerability | SupportAssist OS Recovery | 6.6 | Medium | 2026-01-13
CVE-2025-34352 | JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory | Remote Assist | 7.8 (AI) | High (AI) | 2025-12-02
CVE-2025-7647 | Insecure Temporary File Handling in run-llama/llama_index | run-llama/llama_index | 8.8 | - | 2025-09-27
CVE-2025-4953 | Podman: build context bind mount | | 7.4 | High | 2025-09-16
CVE-2025-9474 | Mihomo Party Socket sysproxy.ts enableSysProxy temp file | Party | 4.5 | Medium | 2025-08-26
CVE-2025-38747 | Dell SupportAssist OS Recovery security vulnerability | SupportAssist OS Recovery | 7.8 | High | 2025-08-06
CVE-2025-32438 | Local privilege escalation in make-initrd-ng | nixpkgs | 8.8 | High | 2025-04-15
CVE-2025-27148 | Gradle vulnerable to local privilege escalation through system temporary directory | gradle | 8.8 | High | 2025-02-25
CVE-2024-52543 | Dell NativeEdge security vulnerability | NativeEdge | 6.5 | Medium | 2024-12-25
CVE-2024-47884 | Insecure Temporary File in `foxmarks` | foxmarks | 5.0 (AI) | Medium (AI) | 2024-10-11
CVE-2024-23454 | Apache Hadoop: Temporary File Local Information Disclosure | Apache Hadoop | 5.5 (AI) | Medium (AI) | 2024-09-25
CVE-2024-7358 | Point B Ltd Getscreen Agent Installation getscreen.msi temp file | Getscreen Agent | 7.8 | High | 2024-08-01
CVE-2024-39872 | Siemens SINEMA Remote Connect Server security vulnerability | SINEMA Remote Connect Server | 9.6 | Critical | 2024-07-09
CVE-2023-28600 | Zoom Client security vulnerability | Zoom for macOS Client | 5.2 | Medium | 2023-06-13
CVE-2023-27408 | Siemens SCALANCE security vulnerability | SCALANCE LPE9403 | 3.3 | Low | 2023-05-09
CVE-2023-0481 | Quarkus security vulnerability | Quarkus | 3.3 | - | 2023-02-24
CVE-2023-0482 | Resteasy security vulnerability | RESTEasy | 5.5 | - | 2023-02-17
CVE-2022-24411 | Dell Technologies Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 7.8 | High | 2022-04-12
CVE-2021-25654 | Avaya Aura Device Services Arbitrary Code Execution Vulnerability | Avaya Aura Devices Services | 6.2 | Medium | 2021-06-25
CVE-2021-1426 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-1427 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-1496 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-1429 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-1430 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-1428 | Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities | Cisco AnyConnect Secure Mobility Client | 7.0 | High | 2021-05-06
CVE-2021-28168 | Maxim Nesen jersey security vulnerability | Eclipse Jersey | 6.2 | Medium | 2021-04-22
CVE-2021-25314 | hawk: Insecure file permissions | SUSE Linux Enterprise High Availability 12-SP3 | 7.8 | High | 2021-04-14

Vulnerabilities classified as CWE-378 (Creation of Temporary File With Insecure Permissions) represent 34 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.