CWE-377
Insecure Temporary File
Description
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-149 · CAPEC-155
CVEs mapped to this weakness (63)
Page 2 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23287 | | Med | 0.36 | 5.5 | 0.01 | | Mar 8, 2024 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data. |
| CVE-2017-7560 | | Med | 0.36 | 5.5 | 0.00 | | Sep 13, 2017 | It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. |
| CVE-2024-34490 | | Med | 0.33 | 5.1 | 0.00 | | May 5, 2024 | In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. |
| CVE-2025-9474 | | Med | 0.29 | 4.5 | 0.00 | | Aug 26, 2025 | A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires… |
| CVE-2023-38037 | | Med | 0.29 | 5.5 | 0.00 | | Jan 9, 2025 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary… |
| CVE-2017-15111 | | Med | 0.29 | 5.5 | 0.00 | | Jan 20, 2018 | keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. |
| CVE-2026-41001 | | Med | 0.27 | 5.3 | 0.00 | | Jun 11, 2026 | Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the… |
| CVE-2026-35342 | | Low | 0.14 | 3.3 | 0.00 | | Apr 22, 2026 | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be… |
| CVE-2026-25645 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without… |
| CVE-2025-66625 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application's… |
| CVE-2025-14307 | | | 0.00 | — | 0.00 | | Dec 9, 2025 | An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or… |
| CVE-2025-7707 | | | 0.00 | — | 0.00 | | Oct 13, 2025 | The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential… |
| CVE-2024-22236 | | | 0.00 | — | 0.00 | | Jan 31, 2024 | In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded… |
| CVE-2023-43498 | | | 0.00 | — | 0.01 | | Sep 20, 2023 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the… |
| CVE-2023-33695 | | — | 0.00 | — | 0.00 | | Jun 13, 2023 | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. |
| CVE-2023-2800 | | — | 0.00 | — | 0.00 | | May 18, 2023 | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. |
| CVE-2022-24913 | | | 0.00 | — | 0.00 | | Jan 12, 2023 | Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. |
| CVE-2018-25068 | | — | 0.00 | — | 0.01 | | Jan 6, 2023 | A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.… |
| CVE-2022-3952 | | | 0.00 | — | 0.01 | | Nov 11, 2022 | A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure… |
| CVE-2021-3702 | | — | 0.00 | — | 0.00 | | Aug 23, 2022 | A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of… |