CWE-250— Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.— MITRE CWE catalog
327 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-250page 6 of 7
- CVE-2025-46696MEDIUMCVSS 6.4EG 6.42026-01-06
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit th…
- CVE-2025-48573HIGHCVSS 7.8EG 7.82025-12-08
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execu…
- CVE-2025-49581HIGHCVSS 8.8EG 8.82025-06-13
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki inst…
- CVE-2025-50505HIGHCVSS 7.8EG 7.82025-10-07
Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin…
- CVE-2025-50753HIGHCVSS 8.4EG 8.42025-08-26
Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (…
- CVE-2025-5196MEDIUMCVSS 6.6EG 6.62025-05-26
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary p…
- CVE-2025-55077HIGHCVSS 7.4EG 7.42025-08-07
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Tec…
- CVE-2025-56557CRITICALCVSS 9.1EG 9.12025-09-16
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.
- CVE-2025-57119CRITICALCVSS 9.8EG 9.82025-09-16
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function
- CVE-2025-57780HIGHCVSS 8.8EG 8.82025-10-15
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versi…
- CVE-2025-58379MEDIUMCVSS 5.5EG 5.52026-02-03
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.
- CVE-2025-58383HIGHCVSS 7.2EG 7.22026-02-03
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.
- CVE-2025-58431MEDIUMCVSS 6.2EG 6.22025-09-17
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are …
- CVE-2025-58432HIGHCVSS 7.8EG 7.82025-09-17
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. Fi…
- CVE-2025-59481HIGHCVSS 8.7EG 8.72025-10-15
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A…
- CVE-2025-6019HIGHCVSS 7.0EG 7.02025-06-19
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev inte…
- CVE-2025-61909MEDIUMCVSS 4.4EG 4.42025-10-16
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main …
- CVE-2025-61958HIGHCVSS 8.7EG 8.72025-10-15
A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode…
- CVE-2025-62402MEDIUMCVSS 5.4EG 5.42025-10-30
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
- CVE-2025-62503MEDIUMCVSS 4.6EG 4.62025-10-30
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
- CVE-2025-62876MEDIUMCVSS 5.3EG 5.32025-11-12
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.
- CVE-2025-67510CRITICALCVSS 9.4EG 9.42025-12-10
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is cons…
- CVE-2025-6893CRITICALCVSS 9.3EG 9.32025-10-17
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device…
- CVE-2025-6894MEDIUMCVSS 5.3EG 5.32025-10-17
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to ex…
- CVE-2025-6949CRITICALCVSS 9.3EG 9.32025-10-17
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administr…
- CVE-2025-8486HIGHCVSS 7.8EG 7.82025-10-15
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
- CVE-2025-8907HIGHCVSS 7.0EG 7.02025-08-13
A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be app…
- CVE-2025-9055MEDIUMCVSS 6.4EG 6.42025-11-11
The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service ac…
- CVE-2026-0870HIGHCVSS 7.8EG 7.82026-02-09
MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with …
- CVE-2026-10843HIGHCVSS 7.2EG 7.22026-06-04
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabl…
- CVE-2026-11167CRITICALCVSS 9.6EG 9.62026-06-04
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
- CVE-2026-11626MEDIUMCVSS 5.4EG 5.42026-06-10
CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their pri…
- CVE-2026-12027CRITICALCVSS 9.6EG 9.62026-06-11
Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severi…
- CVE-2026-12505HIGHCVSS 7.8EG 7.82026-06-18
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this b…
- CVE-2026-1346CRITICALCVSS 9.3EG 9.32026-04-08
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a l…
- CVE-2026-1680HIGHCVSS 7.8EG 7.82026-01-30
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdm…
- CVE-2026-20037MEDIUMCVSS 4.4EG 4.42026-02-25
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vu…
- CVE-2026-22008LOWCVSS 3.7EG 3.72026-04-21
Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co…
- CVE-2026-22549MEDIUMCVSS 4.9EG 4.92026-02-04
A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2026-23528MEDIUMCVSS 6.1EG 6.12026-01-16
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupy…
- CVE-2026-23559CRITICALCVSS 9.4EG 9.42026-07-09
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details,…
- CVE-2026-23560CRITICALCVSS 9.4EG 9.42026-07-09
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, s…
- CVE-2026-23561CRITICALCVSS 9.4EG 9.42026-07-09
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, s…
- CVE-2026-23562CRITICALCVSS 9.4EG 9.42026-07-09
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, s…
- CVE-2026-23742HIGHCVSS 8.8EG 8.82026-01-16
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline…
- CVE-2026-25212CRITICALCVSS 9.9EG 9.92026-04-02
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and …
- CVE-2026-25643CRITICALCVSS 9.1EG 9.12026-02-06
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The applica…
- CVE-2026-25710HIGHCVSS 7.0EG 7.02026-05-13
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.
- CVE-2026-25740MEDIUMCVSS 5.8EG 5.82026-02-09
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_…
- CVE-2026-25908MEDIUMCVSS 6.7EG 6.72026-04-27
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading…
Map vulnerabilities like CWE-250 to your infrastructure
EchelonGraph correlates every CVE — across CWE-250 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →