VYPR

CWE-250

Execution with Unnecessary Privileges

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-470 · CAPEC-69

CVEs mapped to this weakness (139)

page 3 of 7
  • CVE-2026-29205 · High · May 13, 2026
    risk 0.56 · cvss 8.6 · epss 0.07

    Incorrect privilege management and insufficient path filtering allow arbitrary files on the server to be read via the cpdavd attachment download endpoints.

  • CVE-2024-23299 · High · Jun 10, 2024
    risk 0.56 · cvss 8.6 · epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.

  • CVE-2025-12694 · High · Jun 4, 2026
    risk 0.55 · cvss not listed · epss 0.00

    A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior.

  • CVE-2026-8370 · High · May 19, 2026
    risk 0.55 · cvss not listed · epss 0.00

    Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This…

  • CVE-2026-42088 · Critical · May 4, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api…

  • CVE-2025-34290 · High · Dec 20, 2025
    risk 0.55 · cvss not listed · epss 0.00

    Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations…

  • CVE-2025-14096 · High · Dec 17, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    A vulnerability exists in multiple Radiometer products that allows an attacker with physical access to the analyzer to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in the operating system. …

  • CVE-2025-50753 · High · Aug 26, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command "deviceinfo show file" is supposed to be used from the restricted shell to show files and directories. By providing " /bin/sh" (quotes included) to the argument of this…

  • CVE-2024-27110 · High · May 14, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Elevation of privilege vulnerability in GE HealthCare EchoPAC products

  • CVE-2024-21924 · High · Feb 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

  • CVE-2025-23181 · High · Apr 29, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    CWE-250: Execution with Unnecessary Privileges

  • CVE-2025-23180 · High · Apr 29, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    CWE-250: Execution with Unnecessary Privileges

  • CVE-2024-7387 · Critical · Sep 17, 2024
    risk 0.52 · cvss 9.1 · epss 0.02

    A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the…

  • CVE-2018-1087 · High · May 15, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.…

  • CVE-2026-3623 · High · May 27, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low-privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root-level commands, obtain a root shell, and change the root…

  • CVE-2026-33793 · High · Apr 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python…

  • CVE-2025-12690 · High · Mar 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, and through 7.1.10.

  • CVE-2026-3315 · High · Mar 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Incorrect Default Permissions, Execution with Unnecessary Privileges, and Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affects Visionline: from 1.0 before 1.33.

  • CVE-2026-0870 · High · Feb 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    MacroHub, developed by GIGABYTE, has a Local Privilege Escalation vulnerability. Because the MacroHub application launches external applications with improper privileges, authenticated local attackers can execute arbitrary code with SYSTEM privileges.

  • CVE-2025-50505 · High · Oct 7, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    Clash Verge Rev through 2.2.3 (fixed in 2.3.0) forces the installation of a system service (clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly…