CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-FP4M-47R9-PQ7C
Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27147"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T03:15:11Z",
"severity": "HIGH"
},
"details": "The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-fp4m-47r9-pq7c",
"modified": "2024-07-04T06:35:02Z",
"published": "2024-06-14T03:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27147"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQMJ-J6QQ-43C5
Vulnerability from github – Published: 2024-03-28 03:30 – Updated: 2025-01-14 06:32Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.
{
"affected": [],
"aliases": [
"CVE-2024-28005"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T01:15:47Z",
"severity": "MODERATE"
},
"details": "Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.",
"id": "GHSA-fqmj-j6qq-43c5",
"modified": "2025-01-14T06:32:00Z",
"published": "2024-03-28T03:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28005"
},
{
"type": "WEB",
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
},
{
"type": "WEB",
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FRV4-JXQ5-MPJM
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-32643"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:39Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-frv4-jxq5-mpjm",
"modified": "2026-05-13T18:30:54Z",
"published": "2026-05-13T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32643"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000160972"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FWP5-77CH-C7C8
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-07-25 15:30IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
{
"affected": [],
"aliases": [
"CVE-2025-33109"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-24T15:15:25Z",
"severity": "HIGH"
},
"details": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.",
"id": "GHSA-fwp5-77ch-c7c8",
"modified": "2025-07-25T15:30:45Z",
"published": "2025-07-25T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33109"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7240410"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX4Q-RCH7-V9MH
Vulnerability from github – Published: 2026-04-27 18:32 – Updated: 2026-04-27 18:32Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
{
"affected": [],
"aliases": [
"CVE-2026-25908"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-27T18:16:53Z",
"severity": "MODERATE"
},
"details": "Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.",
"id": "GHSA-fx4q-rch7-v9mh",
"modified": "2026-04-27T18:32:09Z",
"published": "2026-04-27T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25908"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000451018/dsa-2026-192-security-update-for-dell-alienware-command-center-6-x-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G496-2H33-MPVW
Vulnerability from github – Published: 2025-02-11 21:32 – Updated: 2025-02-11 21:32SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2024-21924"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T21:15:12Z",
"severity": "HIGH"
},
"details": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.",
"id": "GHSA-g496-2h33-mpvw",
"modified": "2025-02-11T21:32:08Z",
"published": "2025-02-11T21:32:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21924"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G632-G6JH-G6FG
Vulnerability from github – Published: 2024-11-08 12:31 – Updated: 2025-11-04 00:31Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.
Path: C:\Elefant1\Firebird_2\bin\fbserver.exe
Path: C:\Elefant1\Firebird_2\bin\fbguard.exe
Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
{
"affected": [],
"aliases": [
"CVE-2024-50590"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-08T12:15:14Z",
"severity": "HIGH"
},
"details": "Attackers with local access to the medical office computer can \nescalate their Windows user privileges to \"NT AUTHORITY\\SYSTEM\" by \noverwriting one of two Elefant service binaries with weak permissions.\u00a0The default installation directory of Elefant is \"C:\\Elefant1\" which is \nwritable for all users. In addition, the Elefant installer registers two\n Firebird database services which are running as \u201cNT AUTHORITY\\SYSTEM\u201d.\u00a0\n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbserver.exe\n\nPath: C:\\Elefant1\\Firebird_2\\bin\\fbguard.exe\n\n\nBoth service binaries are user writable. This means that a local \nattacker can rename one of the service binaries, replace the service \nexecutable with a new executable, and then restart the system. Once the \nsystem has rebooted, the new service binary is executed as \"NT \nAUTHORITY\\SYSTEM\".",
"id": "GHSA-g632-g6jh-g6fg",
"modified": "2025-11-04T00:31:58Z",
"published": "2024-11-08T12:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50590"
},
{
"type": "WEB",
"url": "https://hasomed.de/produkte/elefant"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/hasomed"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G6QM-RQ8X-47VJ
Vulnerability from github – Published: 2025-04-08 03:32 – Updated: 2025-04-08 03:32The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.
{
"affected": [],
"aliases": [
"CVE-2025-3364"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T03:15:16Z",
"severity": "CRITICAL"
},
"details": "The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.",
"id": "GHSA-g6qm-rq8x-47vj",
"modified": "2025-04-08T03:32:37Z",
"published": "2025-04-08T03:32:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3364"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-10058-fce0b-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-10057-58c05-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GG8Q-GXM4-V22C
Vulnerability from github – Published: 2025-04-11 04:19 – Updated: 2025-06-27 18:30A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
{
"affected": [],
"aliases": [
"CVE-2025-0120"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-11T02:15:18Z",
"severity": "HIGH"
},
"details": "A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect\u2122 app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.",
"id": "GHSA-gg8q-gxm4-v22c",
"modified": "2025-06-27T18:30:37Z",
"published": "2025-04-11T04:19:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0120"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-0120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-GGRR-222R-C74P
Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands.
{
"affected": [],
"aliases": [
"CVE-2024-51722"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T19:15:18Z",
"severity": "MODERATE"
},
"details": "A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands.",
"id": "GHSA-ggrr-222r-c74p",
"modified": "2024-11-12T21:30:54Z",
"published": "2024-11-12T21:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51722"
},
{
"type": "WEB",
"url": "https://support.blackberry.com/pkb/s/article/140220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.