Variant · Draft

CWE-277: Insecure Inherited Permissions

Category: authz

Description

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Common consequences· 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data

Potential mitigations· 2

  • [Architecture and Design, Operation] Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
  • [Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/277.html

(incoming)· 2

Type           Target                            Confidence  Tier
Vulnerability  CVE-2025-11554 (cve-2025-11554)   0%          live
Vulnerability  CVE-2025-58437 (cve-2025-58437)   0%          live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insecure Preserved Inherited Permissions
  • CWE: Incorrect Execution-Assigned Permissions
  • CWE: Incorrect Privilege Assignment
  • CWE: Improper Ownership Management
  • CWE: Incorrect Default Permissions
  • CWE: Incorrect Ownership Assignment

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.