
CWE-250 Execution with Unnecessary Privileges: vulnerabilities in this class (245)

Summary of the 245 CVEs associated with the CWE-250 (Execution with Unnecessary Privileges) weakness class, with AI-generated analysis in Chinese.

CWE-250 describes a program that performs an operation at a privilege level higher than the minimum it actually needs. Such over-authorization can lead directly to privilege-escalation vulnerabilities, and it also amplifies the consequences of other flaws: whatever bug an attacker can trigger in the over-privileged code runs with that code's privileges. Attackers commonly exploit this weakness by triggering specific functionality to gain greater control of the system, then use that control to execute malicious code or steal sensitive data. Developers should follow the principle of least privilege and strictly limit process privileges in code, granting only the minimum needed to complete the task, so that any remaining flaw does less damage.

MITRE CWE official description
CWE-250: Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Common consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control
Impact: Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands; Read Application Data; DoS: Crash, Exit, or Restart
An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data. New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable t…
Mitigations (5)
Phase: Architecture and Design; Operation
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Phase: Architecture and Design
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting …
Phase: Implementation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Phase: Implementation
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Code examples (2)
This code temporarily raises the program's privileges to allow creation of a new user folder. The flaw is in the error path: if os.mkdir() raises OSError, control jumps straight to the except block and lowerPrivileges() is never called, so the program keeps running with elevated privileges after the failure (CWE-271).

    import os

    # invalidUsername(), raisePrivileges() and lowerPrivileges() are helpers
    # assumed by the MITRE example; their definitions are not part of the page.

    def makeNewUserDir(username):
        if invalidUsername(username):  # avoid CWE-22 and CWE-78
            print('Usernames cannot contain invalid characters')
            return False
        try:
            raisePrivileges()
            os.mkdir('/home/' + username)
            lowerPrivileges()          # skipped entirely when mkdir raises
        except OSError:
            print('Unable to create new user directory for user:' + username)
            return False
        return True

Bad · Python
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file. chroot() itself requires root, and nothing after it gives that privilege up: there is no setuid()/setgid() to an unprivileged identity, so the file processing, and any flaw in it, still runs as root. The return values of chroot() and chdir() are also unchecked, so if confinement fails the program simply continues unconfined.

    #include <stdio.h>
    #include <unistd.h>

    /* APP_HOME is the application's home directory; the example leaves its
       definition out. Fragment of a larger program, as in the original. */
    chroot(APP_HOME);
    chdir("/");
    FILE* data = fopen(argv[1], "r+");
    ...

Bad · C
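As an added example that is not MITRE's code and not code from any product listed on this page, the following Python applies the mitigations above to both bad examples: it validates the username first, raises the effective ids only around the mkdir() call and lowers them in a finally block (so the exception path of makeNewUserDir can no longer leave the process elevated), and, for the chroot() example, drops root permanently after confinement and verifies that the drop actually took effect. The helper names, the username pattern and the uid/gid parameters are assumptions for illustration; Linux setresuid/setresgid semantics are assumed.

```python
"""Least-privilege helpers illustrating the CWE-250 mitigations above.

Added example, not code from MITRE or from any product on this page.
Assumes Linux (os.setresuid/os.setresgid/os.getresuid are available).
"""
import contextlib
import os
import re

# Conservative POSIX-style username rule (an assumption, not a MITRE rule):
# rejects '/', '..', spaces and shell metacharacters, covering CWE-22/CWE-78.
_USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def valid_username(username: str) -> bool:
    return bool(_USERNAME_RE.fullmatch(username))


def drop_privileges(uid: int, gid: int) -> None:
    """Permanently switch to uid/gid and verify the switch (CWE-273 mitigation).

    Groups and gid go first: once the uid is unprivileged the process can no
    longer change gids. Every failure raises, so a caller cannot carry on as root.
    """
    if os.geteuid() == 0:
        os.setgroups([])              # needs CAP_SETGID, so only attempted as root
    os.setresgid(gid, gid, gid)       # real, effective and saved gid
    os.setresuid(uid, uid, uid)       # real, effective and saved uid
    # A leftover saved id of 0 would let the process regain root later.
    if any(x != uid for x in os.getresuid()) or any(x != gid for x in os.getresgid()):
        raise PermissionError("privilege drop did not take effect")
    if uid != 0:
        try:
            os.setuid(0)              # must fail once privileges are really gone
        except PermissionError:
            return
        raise PermissionError("process could regain root after dropping privileges")


def confine_then_drop(app_home: str, uid: int, gid: int) -> None:
    """Corrected shape of the chroot() example above: confine, then drop root."""
    os.chroot(app_home)               # requires root; raises instead of silently continuing
    os.chdir("/")
    drop_privileges(uid, gid)


@contextlib.contextmanager
def temporarily_elevated(uid: int, gid: int):
    """Raise the *effective* ids for one block and always lower them again (CWE-271).

    Raising goes uid then gid (changing the gid needs the uid's privilege);
    lowering is the reverse and sits in `finally`, so an exception inside the
    block cannot leave the process elevated, unlike makeNewUserDir above.
    """
    saved_euid, saved_egid = os.geteuid(), os.getegid()
    os.seteuid(uid)
    try:
        os.setegid(gid)
    except OSError:
        os.seteuid(saved_euid)        # do not stay half-elevated if the gid step fails
        raise
    try:
        yield
    finally:
        os.setegid(saved_egid)
        os.seteuid(saved_euid)


def make_new_user_dir(username: str, home_root: str = "/home",
                      privileged_uid: int = 0, privileged_gid: int = 0) -> bool:
    """Fixed makeNewUserDir: validate first, elevate only around mkdir, always lower."""
    if not valid_username(username):
        return False
    try:
        with temporarily_elevated(privileged_uid, privileged_gid):
            os.mkdir(os.path.join(home_root, username), 0o750)
    except OSError:
        return False                  # privileges were already lowered by the context manager
    return True
```

drop_privileges() deliberately raises rather than returning False: a privilege drop that "mostly" worked is exactly the CWE-273 case the last mitigation warns about, and the safest response is to abort. Run as root, drop_privileges(65534, 65534) leaves the process as nobody with no way back; run unprivileged, dropping to the ids you already hold succeeds and the setuid(0) probe confirms there is no saved root id to recover.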
CVE entries shown on this page (30 of the 245). Values marked (AI) carry the page's AI badge, i.e. they are the site's AI-generated assessment rather than a published score.

| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2025-58383 | Broadcom Brocade Fabric OS security vulnerability | Fabric OS | 7.2 (AI) | High (AI) | 2026-02-03 |
| CVE-2025-36184 | IBM Db2 security vulnerability | Db2 for Linux, UNIX and Windows | 7.2 | High | 2026-01-30 |
| CVE-2026-1680 | Danoffice IT Edgemo Local Admin Service security vulnerability | Local Admin Service | 7.8 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-36059 | IBM Business Automation Workflow security vulnerability | Business Automation Workflow containers | 4.7 | Medium | 2026-01-20 |
| CVE-2025-40942 | siemens TeleControl Server Basic security vulnerability | TeleControl Server Basic | 8.8 | High | 2026-01-13 |
| CVE-2025-12420 | ServiceNow AI Platform security vulnerability | Now Assist AI Agents | 9.8 (AI) | Critical (AI) | 2026-01-12 |
| CVE-2025-46696 | Dell Secure Connect Gateway security vulnerability | Secure Connect Gateway (SCG) Appliance | 6.4 | Medium | 2026-01-06 |
| CVE-2025-1977 | Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series security vulnerability | NPort 6100-G2/6200-G2 Series | 8.8 | - | 2025-12-31 |
| CVE-2025-33223 | NVIDIA Isaac Launchable security vulnerability | Isaac Launchable | 9.8 | Critical | 2025-12-23 |
| CVE-2025-33224 | NVIDIA Isaac Launchable security vulnerability | Isaac Launchable | 9.8 | Critical | 2025-12-23 |
| CVE-2025-34290 | Versa SASE Client for Windows security vulnerability | SASE Client for Windows | 7.0 (AI) | High (AI) | 2025-12-20 |
| CVE-2025-13911 | Inductive Automation Ignition security vulnerability | Ignition | 6.4 | Medium | 2025-12-18 |
| CVE-2025-13506 | Nebim V3 ERP security vulnerability | Nebim V3 ERP | 8.8 | High | 2025-12-12 |
| CVE-2025-67510 | Neuron access control error vulnerability | neuron-ai | 9.4 | Critical | 2025-12-10 |
| CVE-2025-62876 | LightDM KDE Greeter security vulnerability | openSUSE | 7.8 | - | 2025-11-12 |
| CVE-2025-9055 | AXIS OS security vulnerability | AXIS OS | 6.4 | Medium | 2025-11-11 |
| CVE-2025-46430 | Dell Display and Peripheral Manager security vulnerability | Display and Peripheral Manager | 7.3 | High | 2025-11-10 |
| CVE-2025-36186 | IBM Db2 security vulnerability | Db2 | 7.4 | High | 2025-11-07 |
| CVE-2025-10885 | Autodesk Installer security vulnerability | Installer | 7.8 | High | 2025-11-06 |
| CVE-2025-43990 | Dell Command Monitor security vulnerability | Command Monitor (DCM) | 7.3 | High | 2025-11-05 |
| CVE-2025-33003 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 7.8 | High | 2025-10-31 |
| CVE-2018-25123 | Nagios XI security vulnerability | XI | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2021-47700 | Nagios XI security vulnerability | XI | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-34274 | Nagios Log Server security vulnerability | Log Server | 8.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-36137 | IBM Sterling Connect Direct for Unix security vulnerability | Sterling Connect:Direct for Unix | 7.2 | High | 2025-10-30 |
| CVE-2025-62402 | Apache Airflow security vulnerability | Apache Airflow | 8.0 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-62503 | Apache Airflow security vulnerability | Apache Airflow | 6.5 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-43017 | HP ThinPro security vulnerability | HP ThinPro 8.1 | 9.4 (AI) | Critical (AI) | 2025-10-28 |
| CVE-2025-6949 | Multiple Moxa products security vulnerability | EDR-G9010 Series | 8.8 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-6894 | Multiple Moxa products security vulnerability | EDR-G9010 Series | 6.4 (AI) | Medium (AI) | 2025-10-17 |

CWE-250 (Execution with Unnecessary Privileges) is a common weakness class; this platform has collected 245 CVEs associated with it.