CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2033 vulnerabilities reference this CWE, most recent first.
CVE-2025-64723 (GCVE-0-2025-64723)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:15 – Updated: 2026-01-14 16:41- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://github.com/arduino/arduino-ide/security/a… | x_refsource_CONFIRM |
| https://github.com/arduino/arduino-ide/pull/2805 | x_refsource_MISC |
| https://github.com/arduino/arduino-ide/commit/1fa… | x_refsource_MISC |
| https://github.com/arduino/arduino-ide/releases/t… | x_refsource_MISC |
| https://support.arduino.cc/hc/en-us/articles/2432… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| arduino | arduino-ide |
Affected:
< 2.3.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T18:51:21.858568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:06:47.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arduino-ide",
"vendor": "arduino",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:41:03.867Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj"
},
{
"name": "https://github.com/arduino/arduino-ide/pull/2805",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/arduino/arduino-ide/pull/2805"
},
{
"name": "https://github.com/arduino/arduino-ide/commit/1fa0fd31c8d6b62f19332e33713a8c5b0f4ed6f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/arduino/arduino-ide/commit/1fa0fd31c8d6b62f19332e33713a8c5b0f4ed6f9"
},
{
"name": "https://github.com/arduino/arduino-ide/releases/tag/2.3.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/arduino/arduino-ide/releases/tag/2.3.7"
},
{
"name": "https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities",
"tags": [
"x_refsource_MISC"
],
"url": "https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities"
}
],
"source": {
"advisory": "GHSA-vf5j-xhwq-8vqj",
"discovery": "UNKNOWN"
},
"title": "Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64723",
"datePublished": "2025-12-18T15:15:15.883Z",
"dateReserved": "2025-11-10T14:07:42.923Z",
"dateUpdated": "2026-01-14T16:41:03.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64436 (GCVE-0-2025-64436)
Vulnerability from cvelistv5 – Published: 2025-11-07 22:59 – Updated: 2025-11-10 18:53| URL | Tags |
|---|---|
| https://github.com/kubevirt/kubevirt/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64436",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T18:52:35.681339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T18:53:09.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kubevirt",
"vendor": "kubevirt",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could otherwise allow an attacker to mark all nodes as unschedulable, potentially forcing the migration or creation of privileged pods onto a compromised node."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T22:59:47.228Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-7xgm-5prm-v5gc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-7xgm-5prm-v5gc"
}
],
"source": {
"advisory": "GHSA-7xgm-5prm-v5gc",
"discovery": "UNKNOWN"
},
"title": "KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64436",
"datePublished": "2025-11-07T22:59:47.228Z",
"dateReserved": "2025-11-03T22:12:51.365Z",
"dateUpdated": "2025-11-10T18:53:09.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62668 (GCVE-0-2025-62668)
Vulnerability from cvelistv5 – Published: 2025-10-18 04:39 – Updated: 2025-10-20 16:27- CWE-276 - Incorrect Default Permissions
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension |
Affected:
master , < 1.39
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:26:58.732291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:27:08.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - GrowthExperiments Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"lessThan": "1.39",
"status": "affected",
"version": "master",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SomeRandomDeveloper"
},
{
"lang": "en",
"type": "finder",
"value": "Urbanecm_WMF"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.\u003cp\u003eThis issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T04:39:28.390Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T402600"
},
{
"url": "https://gerrit.wikimedia.org/r/q/I29a18dbbaf7e2ce2a713233dbc6880032fec3628"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient permission checks in action=growthsetmentor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-62668",
"datePublished": "2025-10-18T04:39:28.390Z",
"dateReserved": "2025-10-18T04:03:51.880Z",
"dateUpdated": "2025-10-20T16:27:08.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62661 (GCVE-0-2025-62661)
Vulnerability from cvelistv5 – Published: 2025-10-21 19:33 – Updated: 2025-10-21 19:51- CWE-276 - Incorrect Default Permissions
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension |
Affected:
1.43 , < 1.44
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T19:49:17.423316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T19:51:42.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "1.43",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dom_walden"
},
{
"lang": "en",
"type": "remediation developer",
"value": "mszwarc"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension: from 1.43 before 1.44.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension: from 1.43 before 1.44."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T19:33:26.399Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T397497"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Idbc1b5a288ffaa7074eedcbac066358a8ec649dc"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ia584966bb7d4d707eef50529293aa3d468470f18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Do permission checking when getting counts of global and local edits, new articles and thanks",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-62661",
"datePublished": "2025-10-21T19:33:26.399Z",
"dateReserved": "2025-10-17T22:01:52.602Z",
"dateUpdated": "2025-10-21T19:51:42.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62577 (GCVE-0-2025-62577)
Vulnerability from cvelistv5 – Published: 2025-10-20 05:32 – Updated: 2025-11-03 16:06- CWE-276 - Incorrect default permissions
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T14:12:12.186180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T14:12:31.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T16:06:00.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Expressn (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T05:32:41.402Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html"
},
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2025/1020.html"
},
{
"url": "https://jvn.jp/en/jp/JVN44266462/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-62577",
"datePublished": "2025-10-20T05:32:41.402Z",
"dateReserved": "2025-10-16T00:39:29.822Z",
"dateUpdated": "2025-11-03T16:06:00.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61667 (GCVE-0-2025-61667)
Vulnerability from cvelistv5 – Published: 2025-11-12 18:50 – Updated: 2025-11-12 21:04- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://github.com/DataDog/datadog-agent/security… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| DataDog | datadog-agent |
Affected:
>= 7.65.0 , < 7.71.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:45:47.511430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:04:11.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datadog-agent",
"vendor": "DataDog",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.65.0 , \u003c 7.71.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory during installation. Code in this directory is only run by the Agent during Agent install/upgrades. This could allow an attacker with local access to modify files in this directory, which would then subsequently be run when the Agent is upgraded, resulting in local privilege escalation. This issue requires local access to the host and a valid low privilege account to be vulnerable. Note that this vulnerability only impacts the Linux Host Agent. Other variations of the Agent including the container, kubernetes, windows host and other agents are not impacted. Version 7.71.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T18:50:02.940Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/DataDog/datadog-agent/security/advisories/GHSA-6852-76c5-6cmg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/DataDog/datadog-agent/security/advisories/GHSA-6852-76c5-6cmg"
}
],
"source": {
"advisory": "GHSA-6852-76c5-6cmg",
"discovery": "UNKNOWN"
},
"title": "Datadog Linux Host Agent affected by local privilege escalation due to insufficient pycache permissions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61667",
"datePublished": "2025-11-12T18:50:02.940Z",
"dateReserved": "2025-09-29T20:25:16.179Z",
"dateUpdated": "2025-11-12T21:04:11.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59485 (GCVE-0-2025-59485)
Vulnerability from cvelistv5 – Published: 2025-11-25 07:20 – Updated: 2025-11-25 14:42- CWE-276 - Incorrect default permissions
| Vendor | Product | Version | |
|---|---|---|---|
| Intercom, Inc. | Security Point (Windows) of MaLion |
Affected:
prior to Ver.5.3.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T14:41:39.757332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:42:13.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Security Point (Windows) of MaLion",
"vendor": "Intercom, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.5.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product\u0027s Windows client is installed. If the file is a specially crafted DLL file, arbitrary code could be executed with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T07:20:38.296Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.intercom.co.jp/information/2025/1125.html"
},
{
"url": "https://jvn.jp/en/jp/JVN76298784/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59485",
"datePublished": "2025-11-25T07:20:38.296Z",
"dateReserved": "2025-11-18T02:02:14.649Z",
"dateUpdated": "2025-11-25T14:42:13.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59030 (GCVE-0-2025-59030)
Vulnerability from cvelistv5 – Published: 2025-12-09 09:15 – Updated: 2025-12-09 14:30- CWE-276 - Incorrect Default Permissions
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:30:11.421682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:30:16.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"TCP NOTIFY messages handler"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"rec-tcp.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.9",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-08T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.\u003c/p\u003e"
}
],
"value": "An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T09:15:43.645Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-08",
"discovery": "EXTERNAL"
},
"title": "Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-59030",
"datePublished": "2025-12-09T09:15:43.645Z",
"dateReserved": "2025-09-08T14:22:28.105Z",
"dateUpdated": "2025-12-09T14:30:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58713 (GCVE-0-2025-58713)
Vulnerability from cvelistv5 – Published: 2026-04-08 13:55 – Updated: 2026-04-08 14:28- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-58713 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2394419 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:28:06.782039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:28:41.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-businesscentral-monitoring-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-businesscentral-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-controller-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-dashbuilder-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-kieserver-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unknown",
"packageName": "rhpam-process-migration-rhel8",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
}
],
"datePublic": "2026-04-08T13:44:47.211Z",
"descriptions": [
{
"lang": "en",
"value": "A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:55:11.428Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-58713"
},
{
"name": "RHBZ#2394419",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394419"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T17:32:17.181Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-08T13:44:47.211Z",
"value": "Made public."
}
],
"title": "Rhpam: privilege escalation via excessive /etc/passwd permissions",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-58713",
"datePublished": "2026-04-08T13:55:11.428Z",
"dateReserved": "2025-09-03T15:20:52.037Z",
"dateUpdated": "2026-04-08T14:28:41.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58712 (GCVE-0-2025-58712)
Vulnerability from cvelistv5 – Published: 2025-10-22 18:19 – Updated: 2026-03-06 23:45- CWE-276 - Incorrect Default Permissions
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:17562 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-58712 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2394418 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | activemq-artemis |
Unaffected:
0 , < *
(semver)
|
|
| Red Hat | RHEL-9 based Middleware Containers |
Unaffected:
7.13.2-1 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el9 |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T18:25:27.188744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T18:37:06.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/apache/activemq-artemis",
"defaultStatus": "unknown",
"packageName": "activemq-artemis",
"product": "activemq-artemis",
"vendor": "apache",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-init-rhel9",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel9",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel9-operator",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7/amq-broker-rhel9-operator-bundle",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7-tech-preview/amq-broker-console-plugin-rhel9",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "amq7-tech-preview/amq-broker-jolokia-api-server-rhel9",
"product": "RHEL-9 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.2-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"packageName": "amq-broker-init-rhel8",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"packageName": "amq-broker-init-rhel9",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"packageName": "amq-broker-rhel8",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"packageName": "amq-broker-rhel9",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Antony Di Scala and Mike Whale for reporting this issue."
}
],
"datePublic": "2025-10-07T14:26:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T23:45:29.098Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:17562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17562"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-58712"
},
{
"name": "RHBZ#2394418",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-10T17:28:57.860Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-07T14:26:00.000Z",
"value": "Made public."
}
],
"title": "Amq: privilege escalation via excessive /etc/passwd permissions",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-58712",
"datePublished": "2025-10-22T18:19:06.763Z",
"dateReserved": "2025-09-03T15:20:52.036Z",
"dateUpdated": "2026-03-06T23:45:29.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.