CWE-272

Least Privilege Violation

Abstraction: Base · Status: Incomplete

Description

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (20)

  • CVE-2025-7722 · High · Jul 23, 2025
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This…

  • CVE-2024-35204 · High · May 14, 2024
    risk 0.55 · CVSS 8.4 · EPSS 0.00

    Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.

  • CVE-2025-47809 · High · May 16, 2025
    risk 0.53 · CVSS 8.2 · EPSS 0.00

    Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the…

  • CVE-2024-27165 · High · Jun 14, 2024
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-55954 · High · Jan 16, 2025
    risk 0.50 · CVSS 8.7 · EPSS 0.00

    OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root…

  • CVE-2026-39459 · High · May 13, 2026
    risk 0.47 · CVSS 7.2 · EPSS 0.00

    A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of…

  • CVE-2025-8758 · High · Aug 9, 2025
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather…

  • CVE-2025-8757 · High · Aug 9, 2025
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is…

  • CVE-2025-1384 · High · Jul 14, 2025
    risk 0.46 · CVSS 7.0 · EPSS 0.00

    Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code…

  • CVE-2025-49144 · High · Jun 23, 2025
    risk 0.40 · CVSS 7.3 · EPSS 0.00

    Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker…

  • CVE-2026-11620 · Medium · Jun 9, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-11497 · Medium · Jun 8, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely.…

  • CVE-2026-32655 · Medium · Apr 27, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

  • CVE-2025-32955 · Medium · Apr 21, 2025
    risk 0.32 · CVSS 6.0 · EPSS 0.00

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using…

  • CVE-2026-11554 · Medium · Jun 8, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly…

  • CVE-2026-11494 · Medium · Jun 8, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-11492 · Medium · Jun 8, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit…

  • CVE-2026-11555 · Low · Jun 8, 2026
    risk 0.24 · CVSS 3.7 · EPSS 0.00

    A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a…

  • CVE-2026-55226 · (no severity) · Jun 18, 2026
    risk 0.00 · CVSS (none) · EPSS (none)

    Impact: When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding…

  • CVE-2026-23634 · (no severity) · Jan 16, 2026
    risk 0.00 · CVSS (none) · EPSS 0.00

    Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new…