Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

CVE-2025-57846 (GCVE-0-2025-57846)

Vulnerability from cvelistv5 – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect default permissions
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:47:59.700143Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:52:39.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55 (Windows version only)"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55 (Windows version only)"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.10.55"
            }
          ]
        },
        {
          "product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93.R11"
            }
          ]
        },
        {
          "product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
          "vendor": "Fujitsu Limited",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93R11"
            }
          ]
        },
        {
          "product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
          "vendor": "OPTiM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93R11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect default permissions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-27T05:28:42.925Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
        },
        {
          "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN55678602/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-57846",
    "datePublished": "2025-08-27T05:28:42.925Z",
    "dateReserved": "2025-08-21T04:04:10.182Z",
    "dateUpdated": "2025-08-27T14:52:39.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55111 (GCVE-0-2025-55111)

Vulnerability from cvelistv5 – Published: 2025-09-16 12:18 – Updated: 2025-09-16 18:29
VLAI
Title
BMC Control-M/Agent insecure default file permissions
Summary
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
BMC Control-M/Agent Unaffected: 9.0.21 (semver)
Affected: 9.0.20 (semver)
Affected: 9.0.19 (semver)
Affected: 9.0.18 (semver)
Create a notification for this product.
Credits
Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T18:26:11.569826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T18:29:31.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Control-M/Agent",
          "vendor": "BMC",
          "versions": [
            {
              "status": "unaffected",
              "version": "9.0.21",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "9.0.20",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "9.0.19",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "9.0.18",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eCertain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T12:18:22.878Z",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441965"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BMC Control-M/Agent insecure default file permissions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2025-55111",
    "datePublished": "2025-09-16T12:18:22.878Z",
    "dateReserved": "2025-08-07T07:23:59.125Z",
    "dateUpdated": "2025-09-16T18:29:31.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54990 (GCVE-0-2025-54990)

Vulnerability from cvelistv5 – Published: 2025-11-18 22:13 – Updated: 2025-11-19 21:03
VLAI
Title
XWiki AdminTools application doesn't set permissions on the AdminTools space
Summary
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. This issue has been patched in version 1.1. A workaround involves setting the view rights for the AdminTools space to be only available for the XWikiAdminGroup.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T21:03:03.863099Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T21:03:14.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "application-admintools",
          "vendor": "xwikisas",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. This issue has been patched in version 1.1. A workaround involves setting the view rights for the AdminTools space to be only available for the XWikiAdminGroup."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T22:13:59.524Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwikisas/application-admintools/security/advisories/GHSA-v7r8-8p5c-h4xw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwikisas/application-admintools/security/advisories/GHSA-v7r8-8p5c-h4xw"
        }
      ],
      "source": {
        "advisory": "GHSA-v7r8-8p5c-h4xw",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki AdminTools application doesn\u0027t set permissions on the AdminTools space"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54990",
    "datePublished": "2025-11-18T22:13:59.524Z",
    "dateReserved": "2025-08-04T17:34:24.420Z",
    "dateUpdated": "2025-11-19T21:03:14.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54866 (GCVE-0-2025-54866)

Vulnerability from cvelistv5 – Published: 2025-11-21 18:23 – Updated: 2025-11-21 18:33
VLAI
Title
Wazuh installation fails to protected authd.pass on Windows
Summary
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
wazuh wazuh Affected: >= 4.3.0, < 4.13.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54866",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-21T18:32:48.676525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-21T18:33:23.442Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wazuh",
          "vendor": "wazuh",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.3.0, \u003c 4.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on \"C:\\Program Files (x86)\\ossec-agent\\authd.pass\" exposes the password to all \"Authenticated Users\" on the local machine. This issue has been patched in version 4.13.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T18:23:49.530Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37"
        },
        {
          "name": "https://github.com/wazuh/wazuh/pull/31187",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wazuh/wazuh/pull/31187"
        },
        {
          "name": "https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143"
        },
        {
          "name": "https://github.com/wazuh/wazuh/releases/tag/v4.13.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wazuh/wazuh/releases/tag/v4.13.0"
        }
      ],
      "source": {
        "advisory": "GHSA-mvfx-ph7m-qm37",
        "discovery": "UNKNOWN"
      },
      "title": "Wazuh installation fails to protected authd.pass on Windows"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54866",
    "datePublished": "2025-11-21T18:23:49.530Z",
    "dateReserved": "2025-07-31T17:23:33.472Z",
    "dateUpdated": "2025-11-21T18:33:23.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54059 (GCVE-0-2025-54059)

Vulnerability from cvelistv5 – Published: 2025-07-18 15:40 – Updated: 2025-07-18 16:04
VLAI
Title
melange creates SBOM files in APKs with world-writable permissions
Summary
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
chainguard-dev melange Affected: >= 0.23.0, < 0.29.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T15:53:51.678522Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T16:04:30.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "melange",
          "vendor": "chainguard-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.23.0, \u003c 0.29.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T15:40:43.277Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/chainguard-dev/melange/security/advisories/GHSA-5662-cv6m-63wh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chainguard-dev/melange/security/advisories/GHSA-5662-cv6m-63wh"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/pull/1836",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/pull/1836"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/pull/2086",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/pull/2086"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/commit/1b272db2a0bb3441553284cc56d87236b4b64c04",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/commit/1b272db2a0bb3441553284cc56d87236b4b64c04"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/commit/e29494b4a40a91619ec1c87a09003c6d5164cea1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/commit/e29494b4a40a91619ec1c87a09003c6d5164cea1"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/releases/tag/v0.23.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/releases/tag/v0.23.0"
        },
        {
          "name": "https://github.com/chainguard-dev/melange/releases/tag/v0.29.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/melange/releases/tag/v0.29.5"
        }
      ],
      "source": {
        "advisory": "GHSA-5662-cv6m-63wh",
        "discovery": "UNKNOWN"
      },
      "title": "melange creates SBOM files in APKs with world-writable permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54059",
    "datePublished": "2025-07-18T15:40:43.277Z",
    "dateReserved": "2025-07-16T13:22:18.203Z",
    "dateUpdated": "2025-07-18T16:04:30.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53947 (GCVE-0-2025-53947)

Vulnerability from cvelistv5 – Published: 2025-09-18 21:10 – Updated: 2025-09-19 12:10
VLAI
Title
Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Default Permissions
Summary
A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T12:09:45.113789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T12:10:31.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 2000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 7000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 8000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight 9000 series",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "In-Sight Explorer",
          "vendor": "Cognex",
          "versions": [
            {
              "lessThanOrEqual": "6.5.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local attacker with low privileges on the Windows system where the \nsoftware is installed can exploit this vulnerability to corrupt \nsensitive data. A data folder is created with very weak privileges, \nallowing any user logged into the Windows system to modify its content."
            }
          ],
          "value": "A local attacker with low privileges on the Windows system where the \nsoftware is installed can exploit this vulnerability to corrupt \nsensitive data. A data folder is created with very weak privileges, \nallowing any user logged into the Windows system to modify its content."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T21:10:03.344Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06"
        }
      ],
      "source": {
        "advisory": "ICSA-25-261-06",
        "discovery": "EXTERNAL"
      },
      "title": "Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Default Permissions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cognex reports that In-Sight Explorer based vision systems are legacy \nproducts not intended for new applications. To reduce risk, asset owners\n are advised to switch to next generation In-Sight Vision Suite based \nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \nseries embedded cameras.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Cognex reports that In-Sight Explorer based vision systems are legacy \nproducts not intended for new applications. To reduce risk, asset owners\n are advised to switch to next generation In-Sight Vision Suite based \nvision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 \nseries embedded cameras."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-53947",
    "datePublished": "2025-09-18T21:10:03.344Z",
    "dateReserved": "2025-08-06T16:32:41.276Z",
    "dateUpdated": "2025-09-19T12:10:31.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53945 (GCVE-0-2025-53945)

Vulnerability from cvelistv5 – Published: 2025-07-18 15:35 – Updated: 2025-07-22 15:03
VLAI
Title
apko has incorrect permission (0666) in /etc/ld.so.cache and other files
Summary
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
chainguard-dev apko Affected: >= 0.27.0, < 0.29.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T15:03:34.863284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T15:03:42.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apko",
          "vendor": "chainguard-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.27.0, \u003c 0.29.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T15:35:17.325Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-x6ph-r535-3vjw"
        },
        {
          "name": "https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/apko/commit/04f37e2d50d5a502e155788561fb7d40de705bd9"
        },
        {
          "name": "https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/apko/commit/aedb0772d6bf6e74d8f17690946dbc791d0f6af3"
        },
        {
          "name": "https://github.com/chainguard-dev/apko/releases/tag/v0.27.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/apko/releases/tag/v0.27.0"
        },
        {
          "name": "https://github.com/chainguard-dev/apko/releases/tag/v0.29.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chainguard-dev/apko/releases/tag/v0.29.5"
        }
      ],
      "source": {
        "advisory": "GHSA-x6ph-r535-3vjw",
        "discovery": "UNKNOWN"
      },
      "title": "apko has incorrect permission (0666) in /etc/ld.so.cache and other files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53945",
    "datePublished": "2025-07-18T15:35:17.325Z",
    "dateReserved": "2025-07-14T17:23:35.262Z",
    "dateUpdated": "2025-07-22T15:03:42.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53813 (GCVE-0-2025-53813)

Vulnerability from cvelistv5 – Published: 2025-08-26 12:22 – Updated: 2025-08-26 13:59
VLAI
Title
TCC Bypass via misconfigured Node fuses in Nozbe
Summary
The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions.  Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 2025.11 of Nozbe.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Nozbe Nozbe Affected: 0 , < 2025.11 (custom)
Create a notification for this product.
Date Public
2025-08-25 22:44
Credits
Karol Mazurek - AFINE Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T13:59:19.015309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T13:59:53.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Nozbe",
          "vendor": "Nozbe",
          "versions": [
            {
              "lessThan": "2025.11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Karol Mazurek - AFINE Team"
        }
      ],
      "datePublic": "2025-08-25T22:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The configuration of Nozbe on macOS, specifically the \"RunAsNode\" fuse enabled, allows a\u0026nbsp;local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions.\u0026nbsp;\u003cbr\u003eAcquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version 2025.11 of Nozbe.\u003cbr\u003e"
            }
          ],
          "value": "The configuration of Nozbe on macOS, specifically the \"RunAsNode\" fuse enabled, allows a\u00a0local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions.\u00a0\nAcquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in version 2025.11 of Nozbe."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T12:22:57.545Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/08/tcc-bypass/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://nozbe.com/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "TCC Bypass via misconfigured Node fuses in Nozbe",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-53813",
    "datePublished": "2025-08-26T12:22:57.545Z",
    "dateReserved": "2025-07-09T13:42:44.066Z",
    "dateUpdated": "2025-08-26T13:59:53.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53811 (GCVE-0-2025-53811)

Vulnerability from cvelistv5 – Published: 2025-08-26 12:22 – Updated: 2025-08-26 14:06
VLAI
Title
TCC Bypass via misconfigured Node fuses in Mosh-Pro
Summary
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions.  Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker's malicious intent.  This issue was detected in 1.3.2 version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Mosh-Pro Mosh-Pro Affected: 1.3.2
Create a notification for this product.
Date Public
2025-08-26 12:19
Credits
Karol Mazurek - AFINE Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53811",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T14:02:24.112393Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T14:06:08.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "MacOS"
          ],
          "product": "Mosh-Pro",
          "vendor": "Mosh-Pro",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Karol Mazurek - AFINE Team"
        }
      ],
      "datePublic": "2025-08-26T12:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The configuration of Mosh-Pro on macOS, specifically the \"RunAsNode\" fuse enabled, allows a\u0026nbsp;local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions.\u0026nbsp;\u003cbr\u003eAcquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker\u0027s malicious intent.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue was detected in 1.3.2\u0026nbsp;version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "The configuration of Mosh-Pro on macOS, specifically the \"RunAsNode\" fuse enabled, allows a\u00a0local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions.\u00a0\nAcquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker\u0027s malicious intent.\u00a0\n\nThis issue was detected in 1.3.2\u00a0version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T12:22:55.182Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/08/tcc-bypass/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://moshpro.app/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "TCC Bypass via misconfigured Node fuses in Mosh-Pro",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-53811",
    "datePublished": "2025-08-26T12:22:55.182Z",
    "dateReserved": "2025-07-09T13:42:44.065Z",
    "dateUpdated": "2025-08-26T14:06:08.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-52991 (GCVE-0-2025-52991)

Vulnerability from cvelistv5 – Published: 2025-06-27 00:00 – Updated: 2025-06-27 15:46
VLAI
Summary
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
NixOS Nix Affected: 0 , < 2.24.15 (semver)
Affected: 2.25.0 , < 2.26.4 (semver)
Affected: 2.27.0 , < 2.28.4 (semver)
Affected: 2.29.0 , < 2.29.1 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-27T15:21:20.719431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-27T15:46:39.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nix",
          "vendor": "NixOS",
          "versions": [
            {
              "lessThan": "2.24.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.26.4",
              "status": "affected",
              "version": "2.25.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.28.4",
              "status": "affected",
              "version": "2.27.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.29.1",
              "status": "affected",
              "version": "2.29.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.24.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.26.4",
                  "versionStartIncluding": "2.25.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.28.4",
                  "versionStartIncluding": "2.27.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.29.1",
                  "versionStartIncluding": "2.29.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T13:30:32.480Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017"
        },
        {
          "url": "https://lix.systems/blog/2025-06-24-lix-cves/"
        },
        {
          "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/"
        },
        {
          "url": "https://security.snyk.io/vuln/?search=CVE-2025-52991"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2025-52991"
        },
        {
          "url": "https://labs.snyk.io"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-52991",
    "datePublished": "2025-06-27T00:00:00.000Z",
    "dateReserved": "2025-06-23T00:00:00.000Z",
    "dateUpdated": "2025-06-27T15:46:39.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.