CWE-732 (关键资源的不正确权限授予) — Vulnerability Class 444

444 vulnerabilities classified as CWE-732 (关键资源的不正确权限授予). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-50690	Wondershare MirrorGo 2.0.11.346 Local Privilege Escalation via Insecure File Permissions — Wondershare MirrorGo	8.4	High	2025-12-22
CVE-2023-53949	AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability — AspEmail	8.4	High	2025-12-19
CVE-2025-13941	Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability — Foxit PDF Reader	8.8	High	2025-12-19
CVE-2025-68462	Freedombox 安全漏洞 — FreedomBox	3.2	Low	2025-12-18
CVE-2025-34288	Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo — Nagios XI	7.8^AI	High^AI	2025-12-16
CVE-2025-13733	BuhoNTFS 1.3.2 - Local Privilege Escalation — BuhoNTFS	7.8^AI	High^AI	2025-12-12
CVE-2025-40818	Siemens SINEMA Remote Connect Server 安全漏洞 — SINEMA Remote Connect Server	3.3	Low	2025-12-09
CVE-2025-8148	CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT — GoAnywhere MFT	4.2	Medium	2025-12-05
CVE-2025-20387	Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade — Splunk Enterprise	8.0	High	2025-12-03
CVE-2025-20386	Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade — Splunk Enterprise	8.0	High	2025-12-03
CVE-2025-62575	Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource — EC2 Software NMIS BioDose	8.3	High	2025-12-02
CVE-2025-64298	Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource — EC2 Software NMIS BioDose	8.4	High	2025-12-02
CVE-2025-64642	Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource — EC2 Software NMIS BioDose	8.0	High	2025-12-02
CVE-2025-59373	ASUS MyASUS 安全漏洞 — MyASUS	7.8^AI	High^AI	2025-11-25
CVE-2025-11921	iStat Menus 7.10.4 - Local Privilege Escalation — iStats	7.8^AI	High^AI	2025-11-24
CVE-2025-64996	Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output — Checkmk	7.1^AI	High^AI	2025-11-18
CVE-2025-34323	Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules — Log Server	7.8^AI	High^AI	2025-11-17
CVE-2024-32014	Siemens Spectrum Power 安全漏洞 — Spectrum Power 4	4.7	Medium	2025-11-11
CVE-2024-32010	Siemens Spectrum Power 安全漏洞 — Spectrum Power 4	7.8	High	2025-11-11
CVE-2025-6779	AXIS OS 安全漏洞 — AXIS OS	6.7	Medium	2025-11-11
CVE-2025-64322	Salesforce Agentforce Vibes Extension 安全漏洞 — Agentforce Vibes Extension	8.8^AI	High^AI	2025-11-04
CVE-2025-64319	Salesforce Mulesoft Anypoint Code Builder 安全漏洞 — Mulesoft Anypoint Code Builder	8.8^AI	High^AI	2025-11-04
CVE-2025-4952	Denial-of-service vulnerability in ESET security products for Windows — ESET NOD32 Antivirus	9.1	-	2025-10-31
CVE-2025-34287	Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl — XI	7.8^AI	High^AI	2025-10-30
CVE-2025-34135	Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files — XI	7.8^AI	High^AI	2025-10-30
CVE-2025-11906	Privilege escalation via writable configuration files in Progress Flowmon — Flowmon	6.7	Medium	2025-10-30
CVE-2025-54546	On affected platforms, restricted users could use SSH port forwarding to access host-internal services — DANZ Monitoring Fabric	7.5	High	2025-10-29
CVE-2025-54545	On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges. — DANZ Monitoring Fabric	7.8	High	2025-10-29
CVE-2025-62688	AutomationDirect Productivity Suite Incorrect Permission Assignment for Critical Resource — Productivity Suite	7.1	High	2025-10-23
CVE-2025-12004	The compare API module breaks Extension:Lockdown — Mediawiki - Lockdown Extension	8.8^AI	High^AI	2025-10-21

Vulnerabilities classified as CWE-732 (关键资源的不正确权限授予) represent 444 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-732 (关键资源的不正确权限授予) — Vulnerability Class 444