CWE-689 — Vulnerability Class (2)

2 vulnerabilities classified as CWE-689.

CWE-689 represents a permission race condition during resource copy, a critical weakness where a system fails to enforce access controls on a newly created file or directory until the copying process finishes. Attackers typically exploit this vulnerability by monitoring the target location and attempting to access or modify the partially copied resource before the final permission settings are applied. This window of exposure allows unauthorized users to read sensitive data or inject malicious content into the incomplete file. To mitigate this risk, developers must ensure that permissions are set atomically or immediately upon resource creation, rather than after the copy operation completes. Implementing secure temporary storage mechanisms and using atomic file operations can effectively prevent this race condition, ensuring that resources remain protected throughout their entire lifecycle from creation to finalization.
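The mitigation described above, as an added example that is not taken from MITRE or from either listed CVE: a copy that applies permissions only after writing, beside one that creates the destination restricted and publishes it with an atomic rename. It assumes a POSIX system; the function names and the sample file are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def copy_then_chmod(src, dst, mode):
    """Weak pattern (CWE-689): permissions are applied only after the copy."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        # Mode other users see while data is still being written (umask default).
        exposed = stat.S_IMODE(os.fstat(fout.fileno()).st_mode)
        shutil.copyfileobj(fin, fout)
    os.chmod(dst, mode)  # too late: the destination was readable during the copy
    return exposed


def copy_restricted(src, dst, mode):
    """Hardened: restrictive mode at creation, final mode set on the open
    descriptor, destination name appears only through an atomic rename."""
    dst_dir = os.path.dirname(os.path.abspath(dst))
    # mkstemp() creates the file with O_EXCL and mode 0600 in a single call.
    fd, tmp = tempfile.mkstemp(dir=dst_dir, prefix=".copy-")
    try:
        with os.fdopen(fd, "wb") as fout, open(src, "rb") as fin:
            exposed = stat.S_IMODE(os.fstat(fout.fileno()).st_mode)
            shutil.copyfileobj(fin, fout)
            fout.flush()
            os.fchmod(fout.fileno(), mode)  # by descriptor, not by path
            os.fsync(fout.fileno())
        os.replace(tmp, dst)  # atomic within one filesystem
    except BaseException:
        os.unlink(tmp)  # never leave a partial copy behind
        raise
    return exposed


if __name__ == "__main__":
    os.umask(0o022)  # typical default umask
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "secret.src")
        with open(src, "wb") as f:
            f.write(b"constructed sample secret\n")
        weak = copy_then_chmod(src, os.path.join(d, "weak.out"), 0o600)
        hard = copy_restricted(src, os.path.join(d, "hard.out"), 0o600)
        print("copy-then-chmod mode during copy:", oct(weak))
        print("restricted copy mode during copy:", oct(hard))
```

The temporary file is created in the destination directory so that the final rename stays on one filesystem and remains atomic.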

MITRE CWE Description
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
Common Consequences (1)
Confidentiality, Integrity: Read Application Data, Modify Application Data
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-40909 | Perl threads have a working directory race condition where file operations may target unintended paths — perl | 6.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2022-28768 | Local Privilege Escalation in Zoom Client Installer for macOS — Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) | 8.8 | High | 2022-11-17 |

Vulnerabilities classified as CWE-689 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.