Base · Draft

CWE-552: Files or Directories Accessible to External Parties

Category: other

Description

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Common consequences · 1

  • Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories

Potential mitigations · 1

  • [Implementation, System Configuration, Operation] When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.

Related CAPEC attack patterns · 2

CAPEC-150, CAPEC-639

References

  1. https://cwe.mitre.org/data/definitions/552.html

Exploits (incoming) · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Probe System Files (capec-639) | 100% | live |
| AttackPattern | Collect Data from Common Resource Locations (capec-150) | 100% | live |

(incoming) · 28

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability (cve-2025-11371) | 0% | live |
| Vulnerability | CVE-2025-11959 (cve-2025-11959) | 0% | live |
| Vulnerability | CVE-2025-21609 (cve-2025-21609) | 0% | live |
| Vulnerability | CVE-2025-26525 (cve-2025-26525) | 0% | live |
| Vulnerability | CVE-2025-27147 (cve-2025-27147) | 0% | live |
| Vulnerability | CVE-2025-32819 (cve-2025-32819) | 0% | live |
| Vulnerability | CVE-2025-37168 (cve-2025-37168) | 0% | live |
| Vulnerability | CVE-2025-40908 (cve-2025-40908) | 0% | live |
| Vulnerability | CVE-2025-41240 (cve-2025-41240) | 0% | live |
| Vulnerability | TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability (cve-2025-48928) | 0% | live |
| Vulnerability | CVE-2025-53536 (cve-2025-53536) | 0% | live |
| Vulnerability | CVE-2025-68719 (cve-2025-68719) | 0% | live |
| Vulnerability | CVE-2025-69990 (cve-2025-69990) | 0% | live |
| Vulnerability | CVE-2026-2330 (cve-2026-2330) | 0% | live |
| Vulnerability | CVE-2026-2331 (cve-2026-2331) | 0% | live |
| Vulnerability | CVE-2026-25137 (cve-2026-25137) | 0% | live |
| Vulnerability | CVE-2026-31215 (cve-2026-31215) | 0% | live |
| Vulnerability | CVE-2026-31216 (cve-2026-31216) | 0% | live |
| Vulnerability | CVE-2026-33071 (cve-2026-33071) | 0% | live |
| Vulnerability | CVE-2026-33698 (cve-2026-33698) | 0% | live |
| Vulnerability | CVE-2026-34361 (cve-2026-34361) | 0% | live |
| Vulnerability | CVE-2026-35446 (cve-2026-35446) | 0% | live |
| Vulnerability | CVE-2026-40484 (cve-2026-40484) | 0% | live |
| Vulnerability | CVE-2026-40631 (cve-2026-40631) | 0% | live |
| Vulnerability | CVE-2026-45721 (cve-2026-45721) | 0% | live |
| KEVEntry | Roundcube Webmail File Disclosure Vulnerability (kev-cve-2017-16651) | 0% | live |
| KEVEntry | Apache Flink Improper Access Control Vulnerability (kev-cve-2020-17519) | 0% | live |
| KEVEntry | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability (kev-cve-2025-11371) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insertion of Sensitive Information into Externally-Accessible File or Directory
  • CWE: Exposure of Information Through Directory Listing
  • CWE: Exposure of Access Control List Files to an Unauthorized Control Sphere
  • CWE: Improper Access Control
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.