CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-C5FJ-FP4V-3GQR
Vulnerability from github – Published: 2025-06-14 03:30 – Updated: 2025-06-14 03:30IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.
{
"affected": [],
"aliases": [
"CVE-2025-33108"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-14T01:15:19Z",
"severity": "HIGH"
},
"details": "IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.",
"id": "GHSA-c5fj-fp4v-3gqr",
"modified": "2025-06-14T03:30:28Z",
"published": "2025-06-14T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33108"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7236663"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5P3-XHR8-MWW5
Vulnerability from github – Published: 2025-09-17 00:31 – Updated: 2025-09-17 00:31A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.
{
"affected": [],
"aliases": [
"CVE-2025-37128"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T23:15:32Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.",
"id": "GHSA-c5p3-xhr8-mww5",
"modified": "2025-09-17T00:31:11Z",
"published": "2025-09-17T00:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37128"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C835-VVH2-8X99
Vulnerability from github – Published: 2026-01-13 12:31 – Updated: 2026-01-13 12:31A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2025-40942"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T10:15:58Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in TeleControl Server Basic (All versions \u003c V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.",
"id": "GHSA-c835-vvh2-8x99",
"modified": "2026-01-13T12:31:13Z",
"published": "2026-01-13T12:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40942"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-192617.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C99Q-9GJF-FC69
Vulnerability from github – Published: 2025-04-29 18:30 – Updated: 2025-04-29 18:30CWE-250: Execution with Unnecessary Privileges
{
"affected": [],
"aliases": [
"CVE-2025-23181"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-29T17:15:40Z",
"severity": "HIGH"
},
"details": "CWE-250: Execution with Unnecessary Privileges",
"id": "GHSA-c99q-9gjf-fc69",
"modified": "2025-04-29T18:30:59Z",
"published": "2025-04-29T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23181"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CC7W-H7G4-GQ6P
Vulnerability from github – Published: 2026-05-14 00:31 – Updated: 2026-05-14 00:31Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
{
"affected": [],
"aliases": [
"CVE-2026-29205"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T22:16:42Z",
"severity": "HIGH"
},
"details": "Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.",
"id": "GHSA-cc7w-h7g4-gq6p",
"modified": "2026-05-14T00:31:56Z",
"published": "2026-05-14T00:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29205"
},
{
"type": "WEB",
"url": "https://support.cpanel.net/hc/en-us/articles/40437020299927-Security-CVE-2026-29205-cPanel-WHM-WP2-Security-Update-May-13-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CC8M-98FM-RC9G
Vulnerability from github – Published: 2026-01-16 21:03 – Updated: 2026-01-16 21:57Impact
Arbitrary code execution through lua filters.
The default skipper configuration before v0.23 was -lua-sources=inline,file.
The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration inline allows these user to create a script that is able to read the filesystem accessible to the skipper process and if the user has access to read the logs they an read skipper secrets.
Kubernetes example (vulnerability is not limited to Kubernetes)
function request(ctx, params)
local file = io.open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r')
if file then
local token = file:read('*all')
file:close()
error('[EXFIL] ' .. token) -- Exfiltrate via error logs
end
end
Patches
https://github.com/zalando/skipper/releases/tag/v0.23.0 disables Lua by default.
Workarounds
You can reduce support of how you can pass lua filter script data by providing config for lua sources https://opensource.zalando.com/skipper/reference/scripts/#enable-and-disable-lua-sources. For example -lua-sources=file will only be exploitable if the attacker can create a lua script file on the target system.
References
https://opensource.zalando.com/skipper/reference/scripts/#enable-and-disable-lua-sources
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/zalando/skipper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23742"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-522",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-16T21:03:34Z",
"nvd_published_at": "2026-01-16T20:15:51Z",
"severity": "HIGH"
},
"details": "### Impact\n\nArbitrary code execution through [lua filters](https://opensource.zalando.com/skipper/reference/scripts/).\n\nThe default skipper configuration before v0.23 was `-lua-sources=inline,file`. \nThe problem starts if untrusted users can create lua filters, because of `-lua-sources=inline` , for example through a Kubernetes Ingress resource. The configuration `inline` allows these user to create a script that is able to read the filesystem accessible to the skipper process and if the user has access to read the logs they an read skipper secrets.\n\nKubernetes example (vulnerability is not limited to Kubernetes)\n```lua\nfunction request(ctx, params)\n local file = io.open(\u0027/var/run/secrets/kubernetes.io/serviceaccount/token\u0027, \u0027r\u0027)\n if file then\n local token = file:read(\u0027*all\u0027)\n file:close()\n error(\u0027[EXFIL] \u0027 .. token) -- Exfiltrate via error logs\n end\nend\n```\n\n### Patches\n\nhttps://github.com/zalando/skipper/releases/tag/v0.23.0 disables Lua by default.\n\n### Workarounds\n\nYou can reduce support of how you can pass lua filter script data by providing config for lua sources https://opensource.zalando.com/skipper/reference/scripts/#enable-and-disable-lua-sources. For example `-lua-sources=file` will only be exploitable if the attacker can create a lua script file on the target system. \n\n### References\n\nhttps://opensource.zalando.com/skipper/reference/scripts/#enable-and-disable-lua-sources",
"id": "GHSA-cc8m-98fm-rc9g",
"modified": "2026-01-16T21:57:03Z",
"published": "2026-01-16T21:03:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zalando/skipper/security/advisories/GHSA-cc8m-98fm-rc9g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23742"
},
{
"type": "WEB",
"url": "https://github.com/zalando/skipper/commit/0b52894570773b29e2f3c571b94b4211ef8fa714"
},
{
"type": "PACKAGE",
"url": "https://github.com/zalando/skipper"
},
{
"type": "WEB",
"url": "https://github.com/zalando/skipper/releases/tag/v0.23.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Skipper is vulnerable to arbitrary code execution through lua filters"
}
GHSA-CG42-MQC9-9FHP
Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-05 18:31Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges.
{
"affected": [],
"aliases": [
"CVE-2018-25123"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-30T22:15:37Z",
"severity": "HIGH"
},
"details": "Nagios XI versions prior to\u00a05.5.7\u00a0contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges.",
"id": "GHSA-cg42-mqc9-9fhp",
"modified": "2025-11-05T18:31:29Z",
"published": "2025-10-31T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25123"
},
{
"type": "WEB",
"url": "https://www.nagios.com/changelog/nagios-xi"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-mrtg-graphing-component"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CJ9M-62W3-RJ89
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2024-06-21 21:33In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
{
"affected": [],
"aliases": [
"CVE-2021-41035"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-25T15:15:00Z",
"severity": "CRITICAL"
},
"details": "In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.",
"id": "GHSA-cj9m-62w3-rj89",
"modified": "2024-06-21T21:33:51Z",
"published": "2022-05-24T19:18:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41035"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-openj9/openj9/pull/13740"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CPGH-JGG7-2WC4
Vulnerability from github – Published: 2024-11-12 06:30 – Updated: 2024-11-12 06:30Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution
{
"affected": [],
"aliases": [
"CVE-2024-48837"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T04:15:05Z",
"severity": "HIGH"
},
"details": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution",
"id": "GHSA-cpgh-jgg7-2wc4",
"modified": "2024-11-12T06:30:34Z",
"published": "2024-11-12T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48837"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000247217/dsa-2024-425-security-update-for-dell-networking-os10-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CPMX-5WRQ-WV6M
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2023-10-16 18:30A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.
{
"affected": [],
"aliases": [
"CVE-2021-1528"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-04T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.",
"id": "GHSA-cpmx-5wrq-wv6m",
"modified": "2023-10-16T18:30:24Z",
"published": "2022-05-24T19:04:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1528"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.