BaseIncomplete

CWE-272Least Privilege Violation

Category: authz

Description

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Common consequences· 1

  • Access Control / Confidentiality — Gain Privileges or Assume Identity, Read Application Data, Read Files or Directories
    An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker's original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow.

Potential mitigations· 3

  • [Architecture and Design, Operation]Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
  • [Architecture and Design]Follow the principle of least privilege when assigning access rights to entities in a software system.
  • [Architecture and Design]

Related CAPEC attack patterns· 3

CAPEC-17CAPEC-35CAPEC-76

References

  1. https://cwe.mitre.org/data/definitions/272.html

Exploits (incoming)3

TypeTargetConfidenceTier
AttackPatternUsing Malicious Filescapec-17100%live
AttackPatternLeverage Executable Code in Non-Executable Filescapec-35100%live
AttackPatternManipulating Web Input to File System Callscapec-76100%live

(incoming)3

TypeTargetConfidenceTier
VulnerabilityCVE-2025-47809cve-2025-478090%live
VulnerabilityCVE-2025-59106cve-2025-591060%live
VulnerabilityCVE-2025-7722cve-2025-77220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Creation of chroot Jail Without Changing Working Directory
CWE
Use of umask() with chmod-style Argument
CVE
CVE-2025-23180
CWE
Process Control
CVE
Linux Kernel Improper Privilege Management Vulnerability
CVE
CVE-2025-23181
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.