CWE-276
Incorrect Default Permissions
Base · Draft · Likelihood: Medium
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-127 · CAPEC-81
CVEs mapped to this weakness (311)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2025-30518 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-27711 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-27246 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-12100 | High | 0.44 | 7.8 | 0.00 | Oct 23, 2025 | Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6. | |
| CVE-2025-27559 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-26470 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-20087 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-20023 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-48959 | Med | 0.44 | 6.7 | 0.00 | Jun 4, 2025 | Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. | |
| CVE-2025-20095 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-47550 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-28954 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-42419 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-32942 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Incorrect default permissions for some Intel(R) DSA installer for Windows before version 24.2.19.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-24826 | Med | 0.44 | 6.7 | 0.00 | Jan 28, 2025 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. | |
| CVE-2024-50657 | Med | 0.44 | 6.8 | 0.03 | Nov 22, 2024 | An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method | |
| CVE-2024-29083 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-25647 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2023-42133 | Med | 0.44 | 6.7 | 0.00 | Oct 11, 2024 | PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226. | |
| CVE-2024-23974 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |