CWE-379
Creation of Temporary File in Directory with Insecure Permissions
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CVE-2024-9500 (GCVE-0-2024-9500)
Vulnerability from cvelistv5 – Published: 2024-11-15 21:24 – Updated: 2025-10-06 16:45
VLAI
Title
Autodesk ADP Desktop SDK Privilege Escalation Vulnerability
Summary
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
Severity
7.8 (High)
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:installer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "installer",
"vendor": "autodesk",
"versions": [
{
"lessThanOrEqual": "2.10.0.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T19:00:13.966915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T19:01:48.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:installer:2.10.0.17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Installer",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2.10.0.20",
"status": "affected",
"version": "2.10.0.17",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(249, 249, 249);\"\u003eA maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management."
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:45:09.078Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0023"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Autodesk ADP Desktop SDK Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-9500",
"datePublished": "2024-11-15T21:24:22.732Z",
"dateReserved": "2024-10-03T19:00:57.631Z",
"dateUpdated": "2025-10-06T16:45:09.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9950 (GCVE-0-2024-9950)
Vulnerability from cvelistv5 – Published: 2025-01-02 15:40 – Updated: 2025-06-03 13:49
VLAI
Title
Abuse of Unauthenticated Compliance Recheck in SecureConnector
Summary
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows
unauthenticated user to modify compliance scripts due to insecure temporary directory.
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.forescout.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
v11.3.07.0109 , ≤ v11.3.11
(custom)
|
Date Public
2024-11-01 21:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T17:37:14.368429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T17:37:36.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"lessThanOrEqual": "v11.3.11",
"status": "affected",
"version": "v11.3.07.0109",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Owen Jeanes"
}
],
"datePublic": "2024-11-01T21:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u0026nbsp;on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u00a0on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:49:49.865Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://support.forescout.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Abuse of Unauthenticated Compliance Recheck in SecureConnector",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2024-9950",
"datePublished": "2025-01-02T15:40:36.374Z",
"dateReserved": "2024-10-14T19:24:59.804Z",
"dateUpdated": "2025-06-03T13:49:49.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10279 (GCVE-0-2025-10279)
Vulnerability from cvelistv5 – Published: 2026-02-02 10:36 – Updated: 2026-02-02 17:48
VLAI
Title
Privilege Escalation in mlflow/mlflow
Summary
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
Severity
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 3.4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10279",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T17:48:06.055324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:48:15.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "3.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T10:36:22.810Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8"
},
{
"url": "https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a"
}
],
"source": {
"advisory": "01d3b81e-13d1-43aa-b91a-443aec68bdc8",
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-10279",
"datePublished": "2026-02-02T10:36:22.810Z",
"dateReserved": "2025-09-11T15:38:58.426Z",
"dateUpdated": "2026-02-02T17:48:15.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21162 (GCVE-0-2025-21162)
Vulnerability from cvelistv5 – Published: 2025-02-11 17:35 – Updated: 2025-02-11 18:58
VLAI
Title
Photoshop Elements | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Summary
Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
5.5 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/photosh… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Photoshop Elements |
Affected:
0 , ≤ 2025.0
(semver)
|
Date Public
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:49:18.890790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:58:12.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Photoshop Elements",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2025.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T17:35:12.816Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photoshop Elements | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-21162",
"datePublished": "2025-02-11T17:35:12.816Z",
"dateReserved": "2024-12-04T17:19:21.477Z",
"dateUpdated": "2025-02-11T18:58:12.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21173 (GCVE-0-2025-21173)
Vulnerability from cvelistv5 – Published: 2025-01-14 18:04 – Updated: 2026-02-13 19:56
VLAI
Title
.NET Elevation of Privilege Vulnerability
Summary
.NET Elevation of Privilege Vulnerability
Severity
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET 8.0 |
Affected:
8.0.0 , < 8.0.12
(custom)
|
|
| Microsoft | .NET 9.0 |
Affected:
9.0.0 , < 9.0.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10.0 , < 17.10.10
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.12 |
Affected:
17.12.0 , < 17.12.4
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.22
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.17
(custom)
|
Date Public
2025-01-14 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:17:43.370703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T19:17:54.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-06T14:27:23.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.12",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
},
{
"product": ".NET 9.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.10",
"status": "affected",
"version": "17.10.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.12.4",
"status": "affected",
"version": "17.12.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.22",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.17",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.12",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.12.4",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.22",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.17",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.10",
"versionStartIncluding": "17.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-01-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:56:00.939Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
}
],
"title": ".NET Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21173",
"datePublished": "2025-01-14T18:04:02.074Z",
"dateReserved": "2024-12-05T21:43:30.760Z",
"dateUpdated": "2026-02-13T19:56:00.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27148 (GCVE-0-2025-27148)
Vulnerability from cvelistv5 – Published: 2025-02-25 20:13 – Updated: 2025-02-25 21:20
VLAI
Title
Gradle vulnerable to local privilege escalation through system temporary directory
Summary
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.
In net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.
Gradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, relying on copying the binaries to the system temporary directory. Any execution of Gradle exposed this exploit. Users of Windows or modern versions of macOS are not vulnerable, nor are users of a Unix-like operating system with the "sticky" bit set or `noexec` on their system temporary directory vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 release also upgrades to a version of the native library that no longer has that bug. Some workarounds are available. On Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those who are are unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property java.io.tmpdir. The new path needs to limit permissions to the build user only.
Severity
8.8 (High)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/gradle/gradle/security/advisor… | x_refsource_CONFIRM |
| https://github.com/gradle/gradle/security/advisor… | x_refsource_MISC |
| https://github.com/gradle/native-platform/securit… | x_refsource_MISC |
| https://github.com/gradle/gradle/pull/32025 | x_refsource_MISC |
| https://github.com/gradle/native-platform/pull/353 | x_refsource_MISC |
| https://en.wikipedia.org/wiki/Fstab#Options_commo… | x_refsource_MISC |
| https://en.wikipedia.org/wiki/Sticky_bit | x_refsource_MISC |
| https://github.com/gradle/native-platform/blob/57… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:14:39.385419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:20:46.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gradle",
"vendor": "gradle",
"versions": [
{
"status": "affected",
"version": "= 8.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.\n\nIn net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class\u003c\u003e)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.\n\nGradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, relying on copying the binaries to the system temporary directory. Any execution of Gradle exposed this exploit. Users of Windows or modern versions of macOS are not vulnerable, nor are users of a Unix-like operating system with the \"sticky\" bit set or `noexec` on their system temporary directory vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 release also upgrades to a version of the native library that no longer has that bug. Some workarounds are available. On Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those who are are unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property java.io.tmpdir. The new path needs to limit permissions to the build user only."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:13:51.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r"
},
{
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
},
{
"name": "https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8"
},
{
"name": "https://github.com/gradle/gradle/pull/32025",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/gradle/pull/32025"
},
{
"name": "https://github.com/gradle/native-platform/pull/353",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/native-platform/pull/353"
},
{
"name": "https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems"
},
{
"name": "https://en.wikipedia.org/wiki/Sticky_bit",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/Sticky_bit"
},
{
"name": "https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78"
}
],
"source": {
"advisory": "GHSA-465q-w4mf-4f4r",
"discovery": "UNKNOWN"
},
"title": "Gradle vulnerable to local privilege escalation through system temporary directory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27148",
"datePublished": "2025-02-25T20:13:51.578Z",
"dateReserved": "2025-02-19T16:30:47.778Z",
"dateUpdated": "2025-02-25T21:20:46.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32438 (GCVE-0-2025-32438)
Vulnerability from cvelistv5 – Published: 2025-04-15 19:57 – Updated: 2025-04-15 20:08
VLAI
Title
Local privilege escalation in make-initrd-ng
Summary
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
Severity
8.8 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/NixOS/nixpkgs/security/advisor… | x_refsource_CONFIRM |
| https://github.com/NixOS/nixpkgs/commit/b17590193… | x_refsource_MISC |
| https://github.com/NixOS/nixpkgs/commit/fbf76bf72… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T20:08:46.640080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:08:58.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nixpkgs",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003c b17590193d8e5697000c23c66afcf11e1753734d"
},
{
"status": "affected",
"version": "\u003c fbf76bf72b161b9f4ab97704a8258776d5f3ffba"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:57:04.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-m7pq-h9p4-8rr4"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/b17590193d8e5697000c23c66afcf11e1753734d"
},
{
"name": "https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/commit/fbf76bf72b161b9f4ab97704a8258776d5f3ffba"
}
],
"source": {
"advisory": "GHSA-m7pq-h9p4-8rr4",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation in make-initrd-ng"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32438",
"datePublished": "2025-04-15T19:57:04.668Z",
"dateReserved": "2025-04-08T10:54:58.368Z",
"dateUpdated": "2025-04-15T20:08:58.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32802 (GCVE-0-2025-32802)
Vulnerability from cvelistv5 – Published: 2025-05-28 17:08 – Updated: 2025-05-28 17:23
VLAI
Title
Insecure handling of file paths allows multiple local attacks
Summary
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Severity
6.1 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2025-32802 | vendor-advisory |
Impacted products
Date Public
2025-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:23:10.150529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:23:22.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kea",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.8",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Matthias Gerstner from the SUSE security team for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If an attacker has access to a local unprivileged user account, and the Kea API entry points are not secured, the attacker can use the API to arbitrarily modify Kea\u0027s configuration or to overwrite any file Kea has write access to. If Kea is running as root, the attacker could overwrite any local file. This can lead to local privilege escalation and/or system-wide denial of service. If control sockets are placed in an insecure location, any local user may be able to impersonate a Kea service or prevent the real Kea service from starting."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:08:11.180Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-32802",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-32802"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of Kea: 2.4.2, 2.6.3, or 2.7.9."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure handling of file paths allows multiple local attacks",
"workarounds": [
{
"lang": "en",
"value": "Two mitigation approaches are possible: (1) Disable the API entirely, by (1a) disabling the `kea-ctrl-agent`, and (1b) removing any `\"control-socket\"` stanzas from the Kea configuration files; or (2) Secure access to the API by (2a) requiring authentication (a password or client certificate) for the `kea-ctrl-agent`, and (2b) configuring all `\"control-socket\"` stanzas to use a directory restricted to only trusted users."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-32802",
"datePublished": "2025-05-28T17:08:11.180Z",
"dateReserved": "2025-04-10T12:51:45.055Z",
"dateUpdated": "2025-05-28T17:23:22.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33111 (GCVE-0-2025-33111)
Vulnerability from cvelistv5 – Published: 2025-12-08 21:28 – Updated: 2025-12-09 16:05
VLAI
Title
IBM Controller Information Disclosure
Summary
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.
Severity
4.3 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7253273 | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Controller |
Affected:
11.1.0 , ≤ 11.1.1
(semver)
cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:* |
|
| IBM | Cognos Controller |
Affected:
11.0.0 , ≤ 11.0.1 FP6
(semver)
cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:FP6:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:25:17.501554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:05:55.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:controller:11.1.1:*:*:*:*:*:*:*"
],
"product": "Controller",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.1.1",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_controller:11.0.1:FP6:*:*:*:*:*:*"
],
"product": "Cognos Controller",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.1 FP6",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.\u003c/p\u003e"
}
],
"value": "IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:28:37.212Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253273"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Controller 11.1.0 - 11.1.1 Download IBM Controller 11.1.2 from Passport Advantage IBM Cognos Controller 11.0.0 - 11.0.1 FP6 Download IBM Cognos Controller 11.0.1 FP7 from Fix Central IBM Controller 11.1.2 and IBM Cognos Controller 11.0.1 FP7 are available for Cloud deployments.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Controller 11.1.0 - 11.1.1 Download IBM Controller 11.1.2 from Passport Advantage IBM Cognos Controller 11.0.0 - 11.0.1 FP6 Download IBM Cognos Controller 11.0.1 FP7 from Fix Central IBM Controller 11.1.2 and IBM Cognos Controller 11.0.1 FP7 are available for Cloud deployments."
}
],
"title": "IBM Controller Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33111",
"datePublished": "2025-12-08T21:28:37.212Z",
"dateReserved": "2025-04-15T17:50:49.744Z",
"dateUpdated": "2025-12-09T16:05:55.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64896 (GCVE-0-2025-64896)
Vulnerability from cvelistv5 – Published: 2025-12-09 20:39 – Updated: 2025-12-09 20:56
VLAI
Title
Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Summary
Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipulating temporary files. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
5.5 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/creativ… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Creative Cloud Desktop |
Affected:
0 , ≤ 6.4.0.361
(semver)
|
Date Public
2025-12-09 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T20:56:37.238237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:56:43.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Creative Cloud Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "6.4.0.361",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application\u0027s functionality by manipulating temporary files. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:39:50.648Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb25-120.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-64896",
"datePublished": "2025-12-09T20:39:50.648Z",
"dateReserved": "2025-11-11T22:48:38.847Z",
"dateUpdated": "2025-12-09T20:56:43.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Requirements
Description:
- Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Mitigation
Phase: Implementation
Description:
- Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.
Mitigation
Phase: Implementation
Description:
- Avoid using vulnerable temp file functions.
No CAPEC attack patterns related to this CWE.