CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
573 vulnerabilities reference this CWE, most recent first.
GHSA-VG55-7PCG-MJ4H
Vulnerability from github – Published: 2024-12-14 15:30 – Updated: 2024-12-14 15:30IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1
contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
{
"affected": [],
"aliases": [
"CVE-2024-31891"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-14T13:15:17Z",
"severity": "HIGH"
},
"details": "IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 \n\ncontains a local privilege escalation vulnerability. A malicious actor with command line access to the \u0027scalemgmt\u0027 user can elevate privileges to gain root access to the host operating system.",
"id": "GHSA-vg55-7pcg-mj4h",
"modified": "2024-12-14T15:30:45Z",
"published": "2024-12-14T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31891"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7178098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM2P-FHXF-P4VW
Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-07 00:00Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
{
"affected": [],
"aliases": [
"CVE-2022-1744"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T15:15:00Z",
"severity": "HIGH"
},
"details": "Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.",
"id": "GHSA-vm2p-fhxf-p4vw",
"modified": "2022-07-07T00:00:29Z",
"published": "2022-06-25T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1744"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMCP-WJHR-R9PQ
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2024-03-21 03:34** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.
{
"affected": [],
"aliases": [
"CVE-2021-25651"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-24T09:15:00Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.",
"id": "GHSA-vmcp-wjhr-r9pq",
"modified": "2024-03-21T03:34:05Z",
"published": "2022-05-24T19:06:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25651"
},
{
"type": "WEB",
"url": "https://support.avaya.com/css/P8/documents/101072728"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMFR-35CQ-G5CH
Vulnerability from github – Published: 2024-06-10 21:30 – Updated: 2026-04-02 21:31The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.
{
"affected": [],
"aliases": [
"CVE-2024-23299"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-10T20:15:13Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.",
"id": "GHSA-vmfr-35cq-g5ch",
"modified": "2026-04-02T21:31:43Z",
"published": "2024-06-10T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23299"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214085"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214083"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214085"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMH5-RQQV-Q3V3
Vulnerability from github – Published: 2026-05-19 21:32 – Updated: 2026-05-19 21:32Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.
This issue affects Automic Automation: < 24.4.4 HF1.
{
"affected": [],
"aliases": [
"CVE-2026-8370"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T19:16:51Z",
"severity": "HIGH"
},
"details": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: \u003c 24.4.4 HF1.",
"id": "GHSA-vmh5-rqqv-q3v3",
"modified": "2026-05-19T21:32:03Z",
"published": "2026-05-19T21:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8370"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VMVQ-4VV4-P8F9
Vulnerability from github – Published: 2024-09-17 09:31 – Updated: 2024-09-17 09:31Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
{
"affected": [],
"aliases": [
"CVE-2024-8767"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T09:15:03Z",
"severity": "CRITICAL"
},
"details": "Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel \u0026 WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.",
"id": "GHSA-vmvq-4vv4-p8f9",
"modified": "2024-09-17T09:31:20Z",
"published": "2024-09-17T09:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8767"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-4976"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VMX7-GQGQ-2JHH
Vulnerability from github – Published: 2023-10-12 21:30 – Updated: 2024-04-04 08:36SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
{
"affected": [],
"aliases": [
"CVE-2023-27313"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-12T19:15:11Z",
"severity": "HIGH"
},
"details": "SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a \nvulnerability which may allow an authenticated unprivileged user to gain\n access as an admin user.\n\n",
"id": "GHSA-vmx7-gqgq-2jhh",
"modified": "2024-04-04T08:36:11Z",
"published": "2023-10-12T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27313"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230713-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VP9W-43WR-G8FJ
Vulnerability from github – Published: 2023-05-26 18:30 – Updated: 2023-12-08 21:30A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
{
"affected": [],
"aliases": [
"CVE-2023-2002"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-26T17:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"id": "GHSA-vp9w-43wr-g8fj",
"modified": "2023-12-08T21:30:28Z",
"published": "2023-05-26T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2002"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240202-0004"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/04/16/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR4Q-VX84-9G5X
Vulnerability from github – Published: 2024-03-19 06:30 – Updated: 2024-06-10 18:30setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.
{
"affected": [],
"aliases": [
"CVE-2024-22017"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-19T05:15:10Z",
"severity": "HIGH"
},
"details": "setuid() does not affect libuv\u0027s internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.",
"id": "GHSA-vr4q-vx84-9g5x",
"modified": "2024-06-10T18:30:52Z",
"published": "2024-03-19T06:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22017"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2170226"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240517-0007"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VV3F-2V3M-G822
Vulnerability from github – Published: 2024-01-11 09:30 – Updated: 2025-05-14 21:31TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
{
"affected": [],
"aliases": [
"CVE-2023-52030"
],
"database_specific": {
"cwe_ids": [
"CWE-250"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-11T09:15:47Z",
"severity": "CRITICAL"
},
"details": "TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.",
"id": "GHSA-vv3f-2v3m-g822",
"modified": "2025-05-14T21:31:12Z",
"published": "2024-01-11T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52030"
},
{
"type": "WEB",
"url": "https://815yang.github.io/2023/12/04/a3700r/TOTOlink%20A3700R%28setOpModeCfg%29"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.