VYPR

CWE-276

Incorrect Default Permissions

BaseDraftLikelihood: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-127 · CAPEC-81

CVEs mapped to this weakness (474)

page 11 of 24
  • CVE-2026-36742MedMay 13, 2026
    risk 0.44cvss 6.8epss 0.00

    Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode).

  • CVE-2025-36522MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable…

  • CVE-2025-36511MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation…

  • CVE-2025-32453MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege.…

  • CVE-2025-31655MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…

  • CVE-2025-22849MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an…

  • CVE-2026-0705MedJan 27, 2026
    risk 0.44cvss 6.7epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.

  • CVE-2025-31940MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may…

  • CVE-2025-30518MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…

  • CVE-2025-27711MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity…

  • CVE-2025-27246MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable…

  • CVE-2025-12100HigOct 23, 2025
    risk 0.44cvss 7.8epss 0.00

    Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.

  • CVE-2025-27559MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-26470MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20087MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20023MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-48959MedJun 4, 2025
    risk 0.44cvss 6.7epss 0.00

    Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

  • CVE-2025-20095MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-47550MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-28954MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.