CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-4R3P-CXGG-R53C
Vulnerability from github – Published: 2026-07-05 03:32 – Updated: 2026-07-05 03:32A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
{
"affected": [],
"aliases": [
"CVE-2026-14690"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-05T02:17:40Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.",
"id": "GHSA-4r3p-cxgg-r53c",
"modified": "2026-07-05T03:32:33Z",
"published": "2026-07-05T03:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14690"
},
{
"type": "WEB",
"url": "https://github.com/lee945/cve/issues/1"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-14690"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/846830"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/376286"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/376286/cti"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4R8M-6JQ5-437V
Vulnerability from github – Published: 2024-07-09 12:30 – Updated: 2024-07-09 12:30A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.
{
"affected": [],
"aliases": [
"CVE-2024-38278"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T12:15:15Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG907R (All versions \u003c V5.9.0), RUGGEDCOM RSG908C (All versions \u003c V5.9.0), RUGGEDCOM RSG909R (All versions \u003c V5.9.0), RUGGEDCOM RSG910C (All versions \u003c V5.9.0), RUGGEDCOM RSG920P V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSL910 (All versions \u003c V5.9.0), RUGGEDCOM RSL910NC (All versions \u003c V5.9.0), RUGGEDCOM RST2228 (All versions \u003c V5.9.0), RUGGEDCOM RST2228P (All versions \u003c V5.9.0), RUGGEDCOM RST916C (All versions \u003c V5.9.0), RUGGEDCOM RST916P (All versions \u003c V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.",
"id": "GHSA-4r8m-6jq5-437v",
"modified": "2024-07-09T12:30:57Z",
"published": "2024-07-09T12:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38278"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4R9C-GHCC-8XQW
Vulnerability from github – Published: 2024-11-04 18:31 – Updated: 2024-11-04 18:31A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-10765"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-434"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-04T16:15:04Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-4r9c-ghcc-8xqw",
"modified": "2024-11-04T18:31:22Z",
"published": "2024-11-04T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10765"
},
{
"type": "WEB",
"url": "https://github.com/hbuzs/CVE/issues/1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.282952"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.282952"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.436520"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4RPR-5RMH-668H
Vulnerability from github – Published: 2025-10-22 15:31 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
{
"affected": [],
"aliases": [
"CVE-2025-60211"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T15:15:58Z",
"severity": "MODERATE"
},
"details": "Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through \u003c= 3.2.3.",
"id": "GHSA-4rpr-5rmh-668h",
"modified": "2026-01-20T15:31:30Z",
"published": "2025-10-22T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60211"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/extendons-registration-fields/vulnerability/wordpress-woocommerce-registration-fields-plugin-custom-signup-fields-plugin-3-2-3-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/extendons-registration-fields/vulnerability/wordpress-woocommerce-registration-fields-plugin-custom-signup-fields-plugin-3-2-3-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/extendons-registration-fields/vulnerability/wordpress-woocommerce-registration-fields-plugin-custom-signup-fields-plugin-3-2-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4VCJ-8CJ2-68X6
Vulnerability from github – Published: 2025-09-12 03:33 – Updated: 2025-09-12 03:33A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10275"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-12T02:15:40Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-4vcj-8cj2-68x6",
"modified": "2025-09-12T03:33:05Z",
"published": "2025-09-12T03:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10275"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323645"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323645"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.643384"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4VMQ-6F4X-FH3W
Vulnerability from github – Published: 2025-10-17 21:31 – Updated: 2025-10-18 03:30The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
{
"affected": [],
"aliases": [
"CVE-2025-62645"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-17T21:15:37Z",
"severity": "CRITICAL"
},
"details": "The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.",
"id": "GHSA-4vmq-6f4x-fh3w",
"modified": "2025-10-18T03:30:24Z",
"published": "2025-10-17T21:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62645"
},
{
"type": "WEB",
"url": "https://archive.today/fMYQp"
},
{
"type": "WEB",
"url": "https://bobdahacker.com/blog/rbi-hacked-drive-thrus"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20250906134240/https:/bobdahacker.com/blog/rbi-hacked-drive-thrus"
},
{
"type": "WEB",
"url": "https://www.malwarebytes.com/blog/news/2025/09/popeyes-tim-hortons-burger-king-platforms-have-catastrophic-vulnerabilities-say-hackers"
},
{
"type": "WEB",
"url": "https://www.yahoo.com/news/articles/burger-king-hacked-attackers-impressed-124154038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4VV9-C3HJ-RH83
Vulnerability from github – Published: 2026-06-08 15:33 – Updated: 2026-06-08 15:33A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-11521"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T15:16:44Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-4vv9-c3hj-rh83",
"modified": "2026-06-08T15:33:00Z",
"published": "2026-06-08T15:33:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11521"
},
{
"type": "WEB",
"url": "https://github.com/Mohammed-eid35/bank-management-system-springboot/issues/8"
},
{
"type": "WEB",
"url": "https://github.com/Mohammed-eid35/bank-management-system-springboot"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-11521"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/836452"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369141"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369141/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4VV9-GF8X-3292
Vulnerability from github – Published: 2026-01-29 18:31 – Updated: 2026-01-29 18:31A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-1597"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-29T17:16:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-4vv9-gf8x-3292",
"modified": "2026-01-29T18:31:48Z",
"published": "2026-01-29T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1597"
},
{
"type": "WEB",
"url": "https://github.com/4m3rr0r/PoCVulDb/issues/11"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.343359"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.343359"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.740735"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=KSducixS3pk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4W6Q-X798-RP5X
Vulnerability from github – Published: 2025-11-10 21:30 – Updated: 2025-11-12 21:31An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder.
{
"affected": [],
"aliases": [
"CVE-2025-56503"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T20:15:47Z",
"severity": "MODERATE"
},
"details": "An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder.",
"id": "GHSA-4w6q-x798-rp5x",
"modified": "2025-11-12T21:31:06Z",
"published": "2025-11-10T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56503"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1QDi9_RKJO-Gi_8jkHJKi7QV1Tajqh4WT/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1aP4S-WdFUL9ocNOucioIqxOgzreZ6Ey7/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://github.com/secxplorers/CVE-2025-56503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4W79-7CH5-4XHW
Vulnerability from github – Published: 2025-11-26 18:31 – Updated: 2025-12-03 18:30Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root.
{
"affected": [],
"aliases": [
"CVE-2025-45311"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-26T16:15:47Z",
"severity": "HIGH"
},
"details": "Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root.",
"id": "GHSA-4w79-7ch5-4xhw",
"modified": "2025-12-03T18:30:22Z",
"published": "2025-11-26T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45311"
},
{
"type": "WEB",
"url": "https://github.com/fail2ban/fail2ban/issues/4110"
},
{
"type": "WEB",
"url": "https://gist.github.com/R-Security/1c707a08f9c7f9a91d9d84b5010aaed2"
},
{
"type": "WEB",
"url": "https://packetstorm.news/files/id/189989"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.