CWE-250
Execution with Unnecessary Privileges
Description
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-104 · CAPEC-470 · CAPEC-69
CVEs mapped to this weakness (139)
page 4 of 7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38695 | — | Hig | 0.51 | 7.8 | 0.00 | Sep 1, 2025 | In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed. | |
| CVE-2022-38694 | — | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2025 | In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | |
| CVE-2022-38691 | — | Hig | 0.51 | 7.8 | 0.00 | Sep 1, 2025 | In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed. | |
| CVE-2025-3925 | Hig | 0.51 | 7.8 | 0.00 | May 7, 2025 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained. | ||
| CVE-2024-12673 | Hig | 0.51 | 7.8 | 0.00 | Feb 12, 2025 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V… | ||
| CVE-2024-50590 | Hig | 0.51 | 7.8 | 0.00 | Nov 8, 2024 | Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is … | ||
| CVE-2024-3498 | — | Hig | 0.51 | 7.8 | 0.00 | Jun 14, 2024 | Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL. | |
| CVE-2024-0073 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2024 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial… | ||
| CVE-2026-46617 | Hig | 0.50 | — | 0.00 | Jun 10, 2026 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher… | ||
| CVE-2026-41900 | — | Hig | 0.50 | 8.8 | 0.01 | May 8, 2026 | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has… | |
| CVE-2025-1977 | Hig | 0.50 | — | 0.00 | Dec 31, 2025 | The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue… | ||
| CVE-2025-58365 | Hig | 0.50 | — | 0.01 | Sep 8, 2025 | The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit… | ||
| CVE-2026-21882 | — | Hig | 0.48 | 8.4 | 0.00 | Mar 2, 2026 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0. | |
| CVE-2024-27147 | — | Hig | 0.48 | 7.4 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |
| CVE-2024-22017 | Hig | 0.48 | 7.3 | 0.01 | Mar 19, 2024 | setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users… | ||
| CVE-2026-10843 | Hig | 0.47 | 7.2 | 0.00 | Jun 4, 2026 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential… | ||
| CVE-2026-42061 | Hig | 0.47 | 7.3 | 0.00 | Jun 3, 2026 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | ||
| CVE-2026-4667 | Hig | 0.47 | — | 0.00 | Apr 15, 2026 | HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. | ||
| CVE-2025-23009 | Hig | 0.47 | 7.2 | 0.00 | Apr 10, 2025 | A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. | ||
| CVE-2025-23008 | Hig | 0.47 | 7.2 | 0.00 | Apr 10, 2025 | An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. |
- risk 0.51cvss 7.8epss 0.00
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
- risk 0.51cvss 7.8epss 0.01
In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
- risk 0.51cvss 7.8epss 0.00
In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.
- risk 0.51cvss 7.8epss 0.00
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.
- risk 0.51cvss 7.8epss 0.00
An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V…
- risk 0.51cvss 7.8epss 0.00
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is …
- risk 0.51cvss 7.8epss 0.00
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.
- risk 0.51cvss 7.8epss 0.00
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial…
- risk 0.50cvss —epss 0.00
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher…
- risk 0.50cvss 8.8epss 0.01
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has…
- risk 0.50cvss —epss 0.00
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue…
- risk 0.50cvss —epss 0.01
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit…
- risk 0.48cvss 8.4epss 0.00
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
- risk 0.48cvss 7.4epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
- risk 0.48cvss 7.3epss 0.01
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users…
- risk 0.47cvss 7.2epss 0.00
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential…
- risk 0.47cvss 7.3epss 0.00
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
- risk 0.47cvss —epss 0.00
HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.
- risk 0.47cvss 7.2epss 0.00
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
- risk 0.47cvss 7.2epss 0.00
An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.