CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-6C8F-R55R-H256
Vulnerability from github – Published: 2026-03-11 18:30 – Updated: 2026-05-07 21:30Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.
{
"affected": [],
"aliases": [
"CVE-2025-12690"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T16:16:18Z",
"severity": "HIGH"
},
"details": "Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19,\u00a0through 7.3.0, through 7.2.4, through 7.1.10.",
"id": "GHSA-6c8f-r55r-h256",
"modified": "2026-05-07T21:30:22Z",
"published": "2026-03-11T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12690"
},
{
"type": "WEB",
"url": "https://support.forcepoint.com/s/article/Security-Advisory-Local-Privilege-Escalation-in-NGFW-Engine"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6CGP-HMJX-R8FX
Vulnerability from github – Published: 2026-02-09 09:30 – Updated: 2026-02-09 09:30MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2026-0870"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-09T07:16:17Z",
"severity": "HIGH"
},
"details": "MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges.",
"id": "GHSA-6cgp-hmjx-r8fx",
"modified": "2026-02-09T09:30:21Z",
"published": "2026-02-09T09:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0870"
},
{
"type": "WEB",
"url": "https://www.gigabyte.com/Support/Security/2362"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10702-b40aa-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10701-fc9e0-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-6J8V-3MGJ-PGG2
Vulnerability from github – Published: 2026-02-04 21:30 – Updated: 2026-02-04 21:30IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2025-13375"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T21:15:57Z",
"severity": "CRITICAL"
},
"details": "IBM Common Cryptographic Architecture (CCA)\u00a07.5.52 and\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.",
"id": "GHSA-6j8v-3mgj-pgg2",
"modified": "2026-02-04T21:30:32Z",
"published": "2026-02-04T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13375"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7259625"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MCV-X7CP-3Q3F
Vulnerability from github – Published: 2025-04-22 15:30 – Updated: 2025-04-22 15:30IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
{
"affected": [],
"aliases": [
"CVE-2025-1951"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T15:16:10Z",
"severity": "HIGH"
},
"details": "IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.",
"id": "GHSA-6mcv-x7cp-3q3f",
"modified": "2025-04-22T15:30:53Z",
"published": "2025-04-22T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1951"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7231389"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P6J-6HVM-6FQM
Vulnerability from github – Published: 2024-12-25 15:30 – Updated: 2024-12-25 15:30Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2024-47978"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-25T15:15:06Z",
"severity": "HIGH"
},
"details": "Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.",
"id": "GHSA-6p6j-6hvm-6fqm",
"modified": "2024-12-25T15:30:42Z",
"published": "2024-12-25T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47978"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000258904/dsa-2024-488-security-update-for-dell-nativeedge-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6V89-CGP3-2347
Vulnerability from github – Published: 2023-11-15 18:30 – Updated: 2023-11-15 18:30This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
{
"affected": [],
"aliases": [
"CVE-2023-33873"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T17:15:41Z",
"severity": "HIGH"
},
"details": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n",
"id": "GHSA-6v89-cgp3-2347",
"modified": "2023-11-15T18:30:22Z",
"published": "2023-11-15T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33873"
},
{
"type": "WEB",
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6VVR-74XR-P579
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2024-48013"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-17T17:15:30Z",
"severity": "HIGH"
},
"details": "Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.",
"id": "GHSA-6vvr-74xr-p579",
"modified": "2025-03-17T18:31:52Z",
"published": "2025-03-17T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48013"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6W74-QHW6-WMWC
Vulnerability from github – Published: 2026-06-04 12:30 – Updated: 2026-06-30 03:36A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.
{
"affected": [],
"aliases": [
"CVE-2026-10843"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T12:16:24Z",
"severity": "HIGH"
},
"details": "A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise.",
"id": "GHSA-6w74-qhw6-wmwc",
"modified": "2026-06-30T03:36:55Z",
"published": "2026-06-04T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-10843"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484738"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10843.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6WM7-GHVR-4M2G
Vulnerability from github – Published: 2025-02-05 18:34 – Updated: 2025-02-05 18:34A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.
This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.
{
"affected": [],
"aliases": [
"CVE-2025-20185"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-05T17:15:25Z",
"severity": "LOW"
},
"details": "A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials.\n\nThis vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system.\nNote: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.",
"id": "GHSA-6wm7-ghvr-4m2g",
"modified": "2025-02-05T18:34:45Z",
"published": "2025-02-05T18:34:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20185"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-726J-MJ58-VJQP
Vulnerability from github – Published: 2024-06-27 21:32 – Updated: 2025-11-04 00:30IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.
{
"affected": [],
"aliases": [
"CVE-2023-30998"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-27T19:15:11Z",
"severity": "HIGH"
},
"details": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649.",
"id": "GHSA-726j-mj58-vjqp",
"modified": "2025-11-04T00:30:50Z",
"published": "2024-06-27T21:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30998"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254649"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.