Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-52361

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Aug, 2025 | 00:00
Updated At-03 Nov, 2025 | 20:05
Rejected At-
Credits

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Aug, 2025 | 00:00
Updated At:03 Nov, 2025 | 20:05
Rejected At:
â–¼CVE Numbering Authority (CNA)

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ak-nord.de/usbserver-usb--usb-converter--usb-auf-ethernet--usb-to-ethernet--usb-auf-lan--usb-server--usb-konverter--print-server-80.html
N/A
https://seclists.org/fulldisclosure/2025/Jul/20
N/A
Hyperlink: https://www.ak-nord.de/usbserver-usb--usb-converter--usb-auf-ethernet--usb-to-ethernet--usb-auf-lan--usb-server--usb-konverter--print-server-80.html
Resource: N/A
Hyperlink: https://seclists.org/fulldisclosure/2025/Jul/20
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2025/Jul/20
N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jul/20
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Aug, 2025 | 16:15
Updated At:03 Nov, 2025 | 20:19

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-276Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-276
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://seclists.org/fulldisclosure/2025/Jul/20cve@mitre.org
N/A
https://www.ak-nord.de/usbserver-usb--usb-converter--usb-auf-ethernet--usb-to-ethernet--usb-auf-lan--usb-server--usb-konverter--print-server-80.htmlcve@mitre.org
N/A
http://seclists.org/fulldisclosure/2025/Jul/20af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://seclists.org/fulldisclosure/2025/Jul/20
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.ak-nord.de/usbserver-usb--usb-converter--usb-auf-ethernet--usb-to-ethernet--usb-auf-lan--usb-server--usb-konverter--print-server-80.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jul/20
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

371Records found
CVE-2023-27305
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20246
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:08
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21126
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21107
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-24460
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installersgraphics_performance_analyzer
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1038
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 20:38
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Action-Not Available
Vendor-HP Inc.
Product-laptop_17-by0xxxomen_15-ax0xxlaptop_15q-dy1xxxenvy_laptop_17m-ae0xxenvy_x360_convertible_pc_15m-bp1xxnotebook_pc_15-be1xx250_g6_notebook_pcenvy_laptop_17m-bw0xxxomen_15-ax1xxnotebook_14-au0xxprobook_640_g3laptop_14s-dy0xxxprodesk_600_g3_microtower_pcnotebook_14-aq1xxomen_17-an1xxconvertible_x360_11-ab1xxstream_11_pro_g3_notebook_pcengage_one_aio_systempavilion_x360_convertible_11m-ad1xxelitebook_850_g3prodesk_480_g5_microtower_pcelitedesk_800_g4_sffspectre_x360_convertible_15-ap0xxnotebook_15-bf1xxlaptop_14-bw0xxstream_laptop_11-y1xxlaptop_14q-bu1xxprobook_455_g6pavilion_x360_convertible_15-dq0xxxpavilion_notebook_17-ab3xxlaptop_15g-dx0xxxomen_17-an0xxlaptop_15s-fy0xxxprobook_650_g2zbook_17_g4envy_notebook_17-u1xxconvertible_x360_11-ab0xxpavilion_laptop_14-ce1xxxlaptop_15-dy0xxxzbook_15_g3laptop_14q-cy0xxxpavilion_x360_convertible_14-cc0xxspectre_x360_convertible_15-bl1xxlaptop_14-bp1xxlaptop_14-cf0xxxpavilion_laptop_14-bk0xxx360_310_g2_convertible_pcelitebook_840r_g4elitedesk_705_g2_mt_sffspectre_x360_convertible_13-w0xxprodesk_400_g4_microtowerlaptop_15-di0xxxlaptop_15-bs5xxenvy_notebook_17-s1xxlaptop_14s-cr0xxxpavilion_gaming_laptop_15-cx0xxxeliteone_800_g2pavilion_x360_convertible_14q-dh0xxxenvy_laptop_13-ah0xxxprobook_450_g3envy_x360_convertible_m6-ar0xxpavilion_laptop_15-cc7xxprobook_470_g4stream_14_pro_notebook_pcnotebook_14-ar0xxprodesk_600_g2_dmelitebook_725_g4laptop_14s-dk0xxxpavilion_15-bc000_notebook_pc_series_\(touch\)290_g1_microtower_pclaptop_15-db0xxxpavilion_x360_convertible_11-ad1xxprodesk_480_g4_microtower_pcpavilion_gaming_laptop_15-dk0xxxproone_440_g4zbook_15u_g3envy_x360_convertible_13-y0xxlaptop_15q-bu1xxpavilion_x360_convertible_15-br0xxzhan_66_pro_15_g2laptop_14-bs1xxpavilion_14_g1_notebook_pcpavilion_x360_convertible_14m-dh0xxxlaptop_14s-dm0xxxlaptop_14s-bc1xxproone_600_g2laptop_14s-dr0xxxelitedesk_800_g2_sffnotebook_17-x1xxpavilion_x360_convertible_14q-cd1xxxprodesk_400_g5_microtowerenvy_x360_convertible_15-w2xxelitebook_745_g5notebook_14-as0xxlaptop_15g-dr0xxxomen_17-cb0xxxlaptop_17-ak0xxenvy_x360_convertible_pc_15m-bp0xxprobook_430_g4laptop_14g-cr0xxxnotebook_17-ad1xxpavilion_notebook_17-ab0xxlaptop_15g-br0xxpavilion_x360_convertible_14m-ba1xxelitebook_755_g5envy_notebook_15-as1xxlaptop_14q-cy1xxxstream_14-ax000_laptop_pcstream_11_pro_g4pavilion_x360_convertible_11-u1xx15-f200_notebook_pc_touchprobook_440_g3laptop_15-bs1xxnotebook_14-an0xxlaptop_14s-bc0xxpavilion_x360_convertible_15-bk1xxnotebook_14-am1xxenvy_x360_convertible_15m-dr0xxxpro_tablet_608_g1notebook_15-f3xxnotebook_14-ar1xxlaptop_15-ra0xxzbook_14u_g4pro_x2_612_g2260_g3_desktop_minilaptop_14s-bp0xxpavilion_x360_convertible_m1-u0xxprodesk_680_g2_microtower_pcelitedesk_800_65w_g2_desktop_mini_pcpavilion_x360_convertible_14-cc1xxzhan_99_g1_mobile_workstationeliteone_1000_g2pavilion_15-bc000_notebook_pc_seriesenvy_x360_convertible_15m-cn0xxxpavilion_laptop_14-bf0xxlaptop_15g-bx0xxnotebook_14-aq0xxpavilion_notebook_15-bc3xxprobook_430_g3probook_11_g2250_g5_notebook_pc260_g3_desktop_mini_pcspectre_x2_detachable_12-c0xxprodesk_400_g3_sfflaptop_14g-br1xxlaptop_15s-dr0xxxlaptop_15-bs2xxnotebook_15-bg1xxelitebook_725_g3elitebook_1030_g1envy_laptop_17m-ce0xxxpavilion_laptop_15-cs0xxxpavilion_laptop_17-ar0xxenvy_x360_convertible_15-aq1xxprodesk_400_g3_dmspectre_folio_convertible_13-ak0xxxprodesk_600_g3_desktop_minipavilion_laptop_15-ck0xx280_g3_pci_microtower_pcelitedesk_800_g3_sff255_g7_notebook_pcelitebook_745_g4probook_650_g3envy_laptop_17-ce0xxxelitebook_revolve_810_g3elitebook_846_g5pavilion_notebook_15-dp0xxx255_g5_notebook_pcnotebook_15-ba0xxlaptop_14-di0xxxelitebook_1050_g1laptop_14-dk0xxxspectre_pro_x360_g2_convertible_pcelitedesk_800_35w_g2_desktop_mini_pclaptop_17-ca0xxxpavilion_x360_14_g1_convertible_pcenvy_x360_convertible_15-bq0xx255_g6_notebook_pcpavilion_laptop_15-cs1xxxlaptop_14-di1xxxpavilion_laptop_14-ce0xxxzbook_17_g2notebook_17-x0xx240_g5_notebook_pcprobook_455_g3probook_655_g2vr_backpack_g2zhan_66_pro_a_g1spectre_x360_convertible_15-ch0xx288_pro_g3_microtower_pcelitedesk_880_g4_tower_pcelitebook_840_g5_healthcare_editionlaptop_15-dw0xxxpavilion_x360_convertible_11m-ad0xxstream_laptop_11-ak0xxxelitebook_830_g5zbook_15_g2laptop_14-cm1xxxenvy_x360_convertible_15-cn0xxxlaptop_14s-be0xxzbook_studio_g4probook_446_g3envy_laptop_17m-ae1xxlaptop_14q-bu0xxlaptop_14s-cs1xxxomen_15-dc0xxxspectre_x360_convertible_15-df0xxxlaptop_17g-cr0xxxpavilion_17-ab000_notebook_pc_series_\(touch\)laptop_17-by1xxxelitedesk_800_65w_g3_desktop_mini_pcelitedesk_705_g4_microtower_pcspectre_laptop_13-af0xxspectre_x360_convertible_13-ap0xxxpavilion_laptop_15-cw1xxxelitebook_1040_g2elitebook_755_g4zbook_15u_g4elitedesk_705_g3_microtower_pcprobook_440_g6laptop_14s-cs0xxxlaptop_15-bw5xxnotebook_pc_15-bd1xxlaptop_17-bs0xxprobook_x360_11_g3_education_editionelitebook_828_g3eliteone_1000_g1envy_x360_convertible_13-ar0xxxpavilion_power_laptop_15-cb0xxpavilion_laptop_14-bf6xxproone_600_g4spectre_notebook_13-v1xxenvy_x360_convertible_pc_15-bp1xxnotebook_pc_15-be0xxlaptop_14-bs0xxlaptop_14-bs5xxenvy_notebook_15-as0xxenvy_x360_convertible_15m-bq1xxlaptop_14s-dp0xxxlaptop_14-ma1xxxenvy_x360_convertible_13m-ar0xxxelitebook_840_g3stream_11_pro_g5_notebook_pcprobook_640_g4probook_645_g3elitebook_840_g4omen_15-dg0xxxpavilion_notebook_14-al1xxpavilion_notebook_17-ab2xxprodesk_600_g2_sffomen_17-w0xxprodesk_600_g3_sffnotebook_pc_15-ay1xxenvy_x360_convertible_15m-cp0xxxlaptop_15-di1xxxpavilion_x360_convertible_14-ba2xxpavilion_laptop_15-cu1xxxprodesk_400_g2_dmelitedesk_800_35w_g3_desktop_mini_pclaptop_14g-cx0xxxeliteone_800_g3pavilion_x360_convertible_11-u0xxpavilion_laptop_15-cc5xxelitedesk_880_g3_tower_pczbook_studio_g5elitebook_840_g5laptop_14s-bp1xxlaptop_15-bs0xxenvy_x360_convertible_15-aq2xxlaptop_14q-bu2xxenvy_laptop_13-ad0xxlaptop_15q-ds0xxxlaptop_14q-cs0xxxprobook_x360_440_g1pavilion_notebook_15-bc4xxelitebook_820_g4laptop_14g-cx1xxxnotebook_15-bg0xxlaptop_15-bw6xxelitebook_850_g5pavilion_x360_convertible_11m-ap0xxxlaptop_15q-by0xxlaptop_15g-br1xxpavilion_x360_convertible_15-br1xxlaptop_14-ck0xxxpavilion_laptop_15-cc0xxenvy_x360_convertible_pc_15-bp000elitebook_848_g3elitebook_x360_1040_g5elitebook_755_g3elitebook_folio_g1pavilion_x360_convertible_15-cr0xxxlaptop_14g-br2xxprobook_650_g4pavilion_x360_convertible_14-ba1xxenvy_x360_convertible_13-ag0xxxlaptop_14-bs2xxenvy_x360_convertible_15m-bq0xxspectre_x360_convertible_13-42xxprodesk_680_g4_microtower_pc\(with_pci_slot\)notebook_17-ac0xxlaptop_17g-br1xxenvy_notebook_13-d1xxzhan_86_pro_g1elite_x2_1013_g3elitebook_x360_1020_g2spectre_x360_convertible_13-ae0xxelitebook_x360_1030_g3envy_x360_convertible_15-dr0xxxzhan_66_pro_13_g2laptop_15-bs6xxenvy_laptop_17-bw0xxxzbook_studio_x360_g5zhan_66_pro_14_g2probook_445_g6elitedesk_800_g3_tower_pcelitedesk_705_g3_desktop_minilaptop_14s-dq0xxxprobook_645_g2notebook_17-ac1xxpavilion_notebook_17-ab4xxprodesk_680_g3_microtower_pczbook_15v_g5_mobile_workstation280_g3_microtower_pcpavilion_notebook_14-al0xxlaptop_14q-by0xxenvy_laptop_13-aq0xxxenvy_x360_convertible_15-ds0xxxprobook_430_g5laptop_15q-dy0xxxelitedesk_800_65w_g4_desktop_mini_pcpavilion_x360_convertible_14-dh0xxxpavilion_notebook_14-av0xxprobook_x360_11_g2laptop_15s-du0xxxnotebook_15-ba1xxnotebook_pc_15-ay0xxelitedesk_800_g2_twrprodesk_400_g4_sffpavilion_notebook_15-au0xxlaptop_17q-cs0xxxspectre_x360_convertible_15-bl0xx340_g5_notebook_pcomen_15-ce0xxlaptop_15g-dx1xxxomen_17-ap0xxelitebook_828_g4elitebook_850_g4pavilion_x360_convertible_14m-ba0xxelitebook_x360_1030_g2engage_go_mobile_system258_g7_notebook_pcenvy_x360_convertible_15-cp0xxxenvy_x2_detachable_12-g0xxlaptop_15-bs7xxlaptop_14-dq0xxxenvy_laptop_13-ah1xxxlaptop_17-bs1xxlaptop_14s-be1xxelitebook_820_g3pavilion_x360_convertible_14-ba0xxlaptop_15-ra1xxelite_x2_1012_g2pavilion_laptop_14-ce2xxxspectre_laptop_13-af1xxenvy_laptop_17-ae0xxpavilion_x360_convertible_13-u0xxpavilion_gaming_laptop_17-cd0xxxlaptop_14-cf1xxxzhan_66_pro_g1envy_notebook_17-u2xxelitebook_836_g5pavilion_notebook_15-au1xxprodesk_400_g4_dmproone_400_g2laptop_17q-bu1xxlaptop_17-ca1xxxnotebook_14-am0xxpavilion_x360_convertible_m1-u1xxomen_15-ax2xxenvy_x360_convertible_15-bq1xxpavilion_x360_convertible_14q-cd0xxxlaptop_14s-cr1xxxprobook_455_g4probook_450_g4laptop_17g-cr1xxxlaptop_14g-br0xxenvy_x360_convertible_13m-ag0xxxlaptop_15q-ds1xxxlaptop_14g-cr1xxxeliteone_800_g4omen_17-w1xxprobook_470_g5pavilion_x360_convertible_11-ad0xxomen_15-ce1xxpavilion_laptop_15-cu0xxxlaptop_15-db1xxxlaptop_14-cm0xxxenvy_x360_convertible_15-bq2xxlaptop_17g-br0xxnotebook_pc_15-ay5xxlaptop_15s-fq0xxxpro_x2_612_g1laptop_15-da0xxxlaptop_14q-cs1xxxnotebook_17-y0xxpavilion_laptop_15-cc6xxelitedesk_880_g2_tower_pcpavilion_15-bc500_laptopprobook_655_g3elitedesk_800_g4_tower_pcnotebook_15-bf0xxpavilion_notebook_17-g2xxlaptop_14-bs6xxpavilion_laptop_14-bf1xxenvy_x360_convertible_15-aq0xxproone_600_g3laptop_15s-dy0xxxlaptop_15-da1xxxpavilion_x360_convertible_m3-s000pavilion_laptop_15-cs2xxxpavilion_x360_convertible_11-ap0xxxlaptop_15s-fr0xxxlaptop_14-ma0xxxlaptop_15-bw0xxpavilion_notebook_15-aw1xxenvy_x360_convertible_15m-ds0xxxpavilion_laptop_15-cc1xxprobook_645_g4laptop_15g-dr1xxxpavilion_laptop_15-cd0xxprobook_x360_11_g1zbook_15_g5notebook_pc_15-bd0xx240_g6_notebook_pcprobook_450_g5pavilion_notebook_15-bc2xxenvy_laptop_17-ae1xx240_g7_notebook_pcpavilion_laptop_14-bk1xxomen_15-dh0xxxelitebook_1040_g4elitebook_735_g5notebook_17-ad0xxprodesk_600_g2_microtower_pcelitedesk_705_g3_sff_pcpavilion_x360_convertible_15-bk0xxprobook_470_g3laptop_17q-cs1xxxenvy_x360_convertible_15-ar0xxenvy_x360_convertible_15-cn1xxxengage_flex_pro-c_retail_systempavilion_x360_convertible_13-u1xxspectre_x360_convertible_13-ac0xxspectre_pro_13_g1_notebook_pcpavilion_laptop_15-cw0xxxelitebook_848_g4omen_17-w2xxprobook_640_g2pavilion_laptop_13-an0xxxprobook_440_g5probook_430_g6laptop_17q-bu0xxlaptop_14s-cf0xxx245_g6_notebook_pcstream_11_pro_g4_notebook_pcelite_x2_1012_g1laptop_14-bp0xxlaptop_14s-cf1xxxprobook_440_g4probook_450_g6pavilion_notebook_17-g1xxproone_480_g3zbook_15_g4245_g7_notebook_pcenvy_laptop_13-ad1xxlaptop_14-ck1xxxjumpstartlaptop_15q-bu0xxlaptop_14g-bx0xxspectre_notebook_13-v0xxHP Jumpstart
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-47761
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.

Action-Not Available
Vendor-Millegpg
Product-MilleGPG5
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0486
Matching Score-4
Assigner-Fidelis Security, LLC
ShareView Details
Matching Score-4
Assigner-Fidelis Security, LLC
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 32.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:32
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privileged Command Injection Vulnerability in Fidelis Network and Deception

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.

Action-Not Available
Vendor-fidelissecurityFidelis Cybersecurity
Product-deceptionnetworkFidelis DeceptionFidelis Network
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-47040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.39%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

Action-Not Available
Vendor-n/aAskey Computer Corp.
Product-rtf3505vw-n1rtf3505vw-n1_firmwaren/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4569
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.66%
||
7 Day CHG+0.01%
Published-05 Jun, 2023 | 20:59
Updated-08 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_hybrid_usb-c_with_usb-a_dockthinkpad_hybrid_usb-c_with_usb-a_dock_firmwareThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45153
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7||HIGH
EPSS-0.15% / 35.10%
||
7 Day CHG-0.01%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

Action-Not Available
Vendor-openSUSESUSE
Product-linux_enterprise_module_for_sap_applicationslinux_enterprise_serverleapSUSE Linux Enterprise Module for SAP Applications 15-SP1openSUSE Leap 15.4SUSE Linux Enterprise Server for SAP 12-SP5
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45452
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:21
Updated-22 Jan, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsagentAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-11097
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:08
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trusted_execution_engine_firmwareIntel(R) Management Engine
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-43701
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 21:28
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Action-Not Available
Vendor-Arm Limited
Product-ds_development_studiolinaro_forgearm_compilerfast_modelsmbed_studioarm_compiler_for_embedded_fusaarm_mobile_studioarm_development_studioarm_compiler_for_functional_safetygnu_toolchainkeil_mdkArm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-43702
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 21:47
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete verification of installation file signature

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Action-Not Available
Vendor-Arm Limited
Product-ds_development_studioarm_compilerfast_modelsarm_compiler_for_embedded_fusaarm_development_studioarm_compiler_for_functional_safetyArm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-284
Improper Access Control
CVE-2019-10679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.27%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 14:40
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.

Action-Not Available
Vendor-thomsonreutersn/a
Product-eikonn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13540
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 15:43
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Action-Not Available
Vendor-win911n/a
Product-win-911Win-911
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-9401
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.96%
||
7 Day CHG-0.00%
Published-17 Jan, 2025 | 23:17
Updated-10 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40154
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-23 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privillaged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR for Gameplay Softwaresystem_usage_report
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-29570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 00:00
Updated-20 Aug, 2025 | 02:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t400_firmwarelbt-t300-t400n/a
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • Next
Details not found