CWE-272
Least Privilege Violation
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
CVE-2024-24830 (GCVE-0-2024-24830)
Vulnerability from cvelistv5
Published
2024-02-08 23:09
Modified
2025-08-27 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openobserve | openobserve |
Version: < 0.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24830",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:41:08.107880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T15:38:45.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openobserve",
"vendor": "openobserve",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the \"/api/{org_id}/users\" endpoint. This vulnerability allows any authenticated regular user (\u0027member\u0027) to add new users with elevated privileges, including the \u0027root\u0027 role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application\u0027s role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272: Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T23:09:16.222Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v"
}
],
"source": {
"advisory": "GHSA-hfxx-g56f-8h5v",
"discovery": "UNKNOWN"
},
"title": "OpenObserve Privilege Escalation Vulnerability in Users API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24830",
"datePublished": "2024-02-08T23:09:16.222Z",
"dateReserved": "2024-01-31T16:28:17.947Z",
"dateUpdated": "2025-08-27T15:38:45.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1384 (GCVE-0-2025-1384)
Vulnerability from cvelistv5
Published
2025-07-13 23:42
Modified
2025-07-14 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-272 - Least Privilege Violation
Summary
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:14:22.828617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T14:15:23.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "NJ101-[][][][]",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ101-[][][][] Ver.1.67.00 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ301-1[]00",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ301-1[]00 Ver.1.67.00 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-1[]00",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-1[]00 Ver.1.67.02 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-1[]20",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-1[]20 Ver.1.68.01 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-1340",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-1340 Ver.1.67.00 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-4[][][]",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-4[][][] Ver.1.67.00 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-5300",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-5300 Ver.1.67.01 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-R[]00",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-R[]00 Ver.1.67.01 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NJ501-R[]20",
"product": "Machine Automation Controller NJ-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NJ501-R[]20 Ver.1.67.00 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NX102-[][][][]",
"product": "Machine Automation Controller NX-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NX102-[][][][] Ver.1.68.01 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NX1P2-[][][][][][]",
"product": "Machine Automation Controller NX-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NX1P2-[][][][][][] Ver.1.64.09 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NX1P2-[][][][][][]1",
"product": "Machine Automation Controller NX-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NX1P2-[][][][][][]1 Ver.1.64.09 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NX502-[][][][]",
"product": "Machine Automation Controller NX-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NX502-[][][][] Ver.1.68.01 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "NX701-[][][][]",
"product": "Machine Automation Controller NX-series",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "NX701-[][][][] Ver.1.35.09 or lower"
}
]
},
{
"defaultStatus": "unknown",
"packageName": "SYSMAC-SE2[][][]",
"product": "Sysmac Studio Software",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "SYSMAC-SE2[][][] all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products."
}
],
"value": "Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T23:42:09.953Z",
"orgId": "bba440f9-ef23-4224-aa62-7ac0935d18d1",
"shortName": "OMRON"
},
"references": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-004_en.pdf"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-004_ja.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The countermeasure against the vulnerability can be implemented by updating each product to the countermeasure version and setting the secure communication version 2.\u003cbr\u003eFor information on how to obtain and update the firmware for the countermeasure version of the product, please contact our sales office or distributors. \u003cbr\u003e"
}
],
"value": "The countermeasure against the vulnerability can be implemented by updating each product to the countermeasure version and setting the secure communication version 2.\nFor information on how to obtain and update the firmware for the countermeasure version of the product, please contact our sales office or distributors."
}
],
"source": {
"advisory": "OMSR-2025-004",
"discovery": "UNKNOWN"
},
"title": "Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of this vulnerability.\u003cbr\u003e\u003cbr\u003e1. Secure Communication Function\u003cbr\u003eThe secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.\u003cbr\u003e- NJ series, NX102, NX1P2 CPU Unit: Version 1.49 or higher\u003cbr\u003e- NX701 CPU Unit: Version 1.29 or higher\u003cbr\u003e- NX502 CPU Unit: Version 1.60 or higher\u003cbr\u003e\u003cbr\u003e2. Anti-virus protection\u003cbr\u003eProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.\u003cbr\u003e\u003cbr\u003e3. Security measures to prevent unauthorized access\u003cbr\u003e- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.\u003cbr\u003e- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.\u003cbr\u003e- Use a virtual private network (VPN) for remote access to control systems and equipment.\u003cbr\u003e- Use strong passwords and change them frequently.\u003cbr\u003e- Install physical controls so that only authorized personnel can access control systems and equipment.\u003cbr\u003e- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\u003cbr\u003e- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.\u003cbr\u003e\u003cbr\u003e4. Data input and output protection\u003cbr\u003eValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.\u003cbr\u003e\u003cbr\u003e5. Data recovery\u003cbr\u003ePeriodical data backup and maintenance to prepare for data loss.\u003cbr\u003e"
}
],
"value": "OMRON recommends that customers take the following mitigation measures to minimize the risk of exploitation of this vulnerability.\n\n1. Secure Communication Function\nThe secure communication function can prevent data from being eavesdropped or tampered with by a third party. Secure communication is available in the following CPU Units of the stated versions.\n- NJ series, NX102, NX1P2 CPU Unit: Version 1.49 or higher\n- NX701 CPU Unit: Version 1.29 or higher\n- NX502 CPU Unit: Version 1.60 or higher\n\n2. Anti-virus protection\nProtect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection.\n\n3. Security measures to prevent unauthorized access\n- Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.\n- Implement firewalls (by shutting down unused communications ports, limiting communications hosts) and isolate them from the IT network.\n- Use a virtual private network (VPN) for remote access to control systems and equipment.\n- Use strong passwords and change them frequently.\n- Install physical controls so that only authorized personnel can access control systems and equipment.\n- Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices.\n- Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible.\n\n4. Data input and output protection\nValidation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices.\n\n5. Data recovery\nPeriodical data backup and maintenance to prepare for data loss."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bba440f9-ef23-4224-aa62-7ac0935d18d1",
"assignerShortName": "OMRON",
"cveId": "CVE-2025-1384",
"datePublished": "2025-07-13T23:42:09.953Z",
"dateReserved": "2025-02-16T23:57:46.232Z",
"dateUpdated": "2025-07-14T14:15:23.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49144 (GCVE-0-2025-49144)
Vulnerability from cvelistv5
Published
2025-06-23 19:01
Modified
2025-07-01 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24 | x_refsource_CONFIRM | |
| https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30 | x_refsource_MISC | |
| https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| notepad-plus-plus | notepad-plus-plus |
Version: < 8.8.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T03:55:56.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "notepad-plus-plus",
"vendor": "notepad-plus-plus",
"versions": [
{
"status": "affected",
"version": "\u003c 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272: Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T19:01:16.276Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24"
},
{
"name": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30"
},
{
"name": "https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn"
}
],
"source": {
"advisory": "GHSA-9vx8-v79m-6m24",
"discovery": "UNKNOWN"
},
"title": "Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49144",
"datePublished": "2025-06-23T19:01:16.276Z",
"dateReserved": "2025-06-02T10:39:41.634Z",
"dateUpdated": "2025-07-01T03:55:56.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7722 (GCVE-0-2025-7722)
Vulnerability from cvelistv5
Published
2025-07-23 02:24
Modified
2025-07-23 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-272 - Least Privilege Violation
Summary
The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| steverio | Social Streams |
Version: * ≤ 1.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T17:43:28.526411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T17:55:35.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Social Streams",
"vendor": "steverio",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user\u0027s identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T02:24:40.269Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-streams/trunk/src/php/JsonAPI.php#275"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T14:03:46.000+00:00",
"value": "Disclosed"
}
],
"title": "Social Streams \u003c= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7722",
"datePublished": "2025-07-23T02:24:40.269Z",
"dateReserved": "2025-07-16T17:16:08.340Z",
"dateUpdated": "2025-07-23T17:55:35.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8181 (GCVE-0-2025-8181)
Vulnerability from cvelistv5
Published
2025-07-26 07:02
Modified
2025-07-28 15:05
Severity ?
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/RC:R
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/RC:R
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/RC:R
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.317595 | vdb-entry | |
| https://vuldb.com/?ctiid.317595 | signature, permissions-required | |
| https://vuldb.com/?submit.621966 | third-party-advisory | |
| https://vuldb.com/?submit.621968 | third-party-advisory | |
| https://www.notion.so/23a54a1113e780c08f3acca6a746d732 | related | |
| https://www.totolink.net/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T15:05:38.418732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:05:51.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"FTP Service"
],
"product": "N600R",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
},
{
"modules": [
"FTP Service"
],
"product": "X2000R",
"vendor": "TOTOLINK",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TPCchecker (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T07:02:07.845Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317595"
},
{
"name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317595"
},
{
"name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621966"
},
{
"name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621968"
},
{
"tags": [
"related"
],
"url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
},
{
"tags": [
"product"
],
"url": "https://www.totolink.net/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T10:29:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8181",
"datePublished": "2025-07-26T07:02:07.845Z",
"dateReserved": "2025-07-25T08:22:27.222Z",
"dateUpdated": "2025-07-28T15:05:51.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8757 (GCVE-0-2025-8757)
Vulnerability from cvelistv5
Published
2025-08-09 15:02
Modified
2025-08-12 16:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319262 | vdb-entry | |
| https://vuldb.com/?ctiid.319262 | signature, permissions-required | |
| https://vuldb.com/?submit.624257 | third-party-advisory | |
| https://www.notion.so/23e54a1113e780569260e231993bdf61 | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TRENDnet | TV-IP110WN |
Version: 1.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T15:23:43.183921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:05:16.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Embedded Boa Web Server"
],
"product": "TV-IP110WN",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "1.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TPCHECKER (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TRENDnet TV-IP110WN 1.2.2 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /server/boa.conf der Komponente Embedded Boa Web Server. Durch das Beeinflussen mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T15:02:05.815Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319262 | TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319262"
},
{
"name": "VDB-319262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319262"
},
{
"name": "Submit #624257 | TRENDnet TV-IP110WN 1.2.2 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.624257"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/23e54a1113e780569260e231993bdf61"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T17:38:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8757",
"datePublished": "2025-08-09T15:02:05.815Z",
"dateReserved": "2025-08-08T15:33:17.070Z",
"dateUpdated": "2025-08-12T16:05:16.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8758 (GCVE-0-2025-8758)
Vulnerability from cvelistv5
Published
2025-08-09 16:02
Modified
2025-08-12 16:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319263 | vdb-entry | |
| https://vuldb.com/?ctiid.319263 | signature, permissions-required | |
| https://vuldb.com/?submit.624299 | third-party-advisory | |
| https://www.notion.so/23e54a1113e78009adc9d909b254812b | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TRENDnet | TEW-822DRE |
Version: FW103B02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T15:23:36.078367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:05:10.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"vsftpd"
],
"product": "TEW-822DRE",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "FW103B02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TPCHECKER (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in TRENDnet TEW-822DRE FW103B02 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente vsftpd. Durch Beeinflussen mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T16:02:05.577Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319263 | TRENDnet TEW-822DRE vsftpd least privilege violation",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319263"
},
{
"name": "VDB-319263 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319263"
},
{
"name": "Submit #624299 | TRENDnet TEW-822DRE FW103B02 Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.624299"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/23e54a1113e78009adc9d909b254812b"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T17:38:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "TRENDnet TEW-822DRE vsftpd least privilege violation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8758",
"datePublished": "2025-08-09T16:02:05.577Z",
"dateReserved": "2025-08-08T15:33:19.726Z",
"dateUpdated": "2025-08-12T16:05:10.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.