CWE-732
Incorrect Permission Assignment for Critical Resource
ClassDraftLikelihood: High
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (295)
page 3 of 15| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-36938 | Hig | 0.57 | 8.8 | 0.00 | Jan 27, 2026 | WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory. | |
| CVE-2020-36916 | Hig | 0.57 | 8.8 | 0.00 | Jan 6, 2026 | TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | |
| CVE-2021-47742 | Hig | 0.57 | 8.8 | 0.00 | Dec 31, 2025 | Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially escalate system privileges. | |
| CVE-2019-25245 | Hig | 0.57 | 8.8 | 0.00 | Dec 24, 2025 | Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable. | |
| CVE-2025-27216 | Hig | 0.57 | 8.8 | 0.00 | Aug 21, 2025 | Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. | |
| CVE-2024-11497 | Hig | 0.57 | 8.8 | 0.00 | Jan 14, 2025 | An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | |
| CVE-2024-55411 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2025 | An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | |
| CVE-2024-41171 | Hig | 0.57 | 8.8 | 0.00 | Sep 10, 2024 | A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. | |
| CVE-2024-3668 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2024 | The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. | |
| CVE-2021-38289 | Hig | 0.57 | 8.8 | 0.00 | Jul 12, 2022 | An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. NOTE: As of April 2026, the vendor has officially decommissioned the affected legacy endpoints and associated services. The vulnerability is mitigated as the functional logic is no longer operational and the URLs have been removed from production. | |
| CVE-2017-9514 | Hig | 0.57 | 8.8 | 0.00 | Oct 12, 2017 | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | |
| CVE-2017-1000096 | Hig | 0.57 | 8.8 | 0.00 | Oct 5, 2017 | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | |
| CVE-2017-0784 | Hig | 0.57 | 8.8 | 0.00 | Sep 8, 2017 | A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. | |
| CVE-2017-11422 | Hig | 0.57 | 8.8 | 0.00 | Jul 24, 2017 | Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc. | |
| CVE-2017-1000022 | Hig | 0.57 | 8.8 | 0.00 | Jul 17, 2017 | LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | |
| CVE-2017-5199 | Hig | 0.57 | 8.8 | 0.03 | Mar 24, 2017 | The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | |
| CVE-2017-2290 | Hig | 0.57 | 8.8 | 0.00 | Mar 3, 2017 | On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1. | |
| CVE-2017-0311 | Hig | 0.57 | 8.8 | 0.00 | Feb 15, 2017 | NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | |
| CVE-2007-6033 | Hig | 0.57 | 8.8 | 0.03 | Nov 20, 2007 | Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | |
| CVE-2025-34025 | Hig | 0.56 | — | 0.00 | May 21, 2025 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. |