CWE-250: CWE-250
All CWE-250 CVEs (147)
CVE-2022-1517 is a critical vulnerability in LRM (likely a network management system) that allows unauthenticated remote attackers to upload and execu... (Jun 24, 2022)
This CVE allows authenticated users with EventSource/Sensor CRUD permissions in Argo Events to escalate privileges by crafting malicious pod specifica... (Apr 15, 2025)
This CVE allows attackers to access and manipulate sensitive data due to excessive privileges assigned to Acronis Backup plugins. Affected users inclu... (Sep 17, 2024)
This vulnerability allows attackers to execute arbitrary code in Spotfire products. It affects Spotfire Analyst (Windows client requiring user interac... (Jun 27, 2024)
OpenClaw's Docker sandbox configuration injection vulnerability allows attackers to escape container isolation and access the host system. This affect... (Feb 20, 2026)
CVE-2025-13375 is a critical vulnerability in IBM Common Cryptographic Architecture (CCA) that allows unauthenticated attackers to execute arbitrary c... (Feb 4, 2026)
Nagios Log Server versions before 2024R2.0.3 run the embedded Logstash process with root privileges, creating a privilege escalation vulnerability. If... (Oct 30, 2025)
HP ThinPro 8.1's system management application fails to properly verify user identities, allowing attackers to bypass authentication mechanisms. This ... (Oct 28, 2025)
CVE-2025-34515 is a privilege escalation vulnerability in Ilevia EVE X1 Server firmware where the sync_project.sh script runs with unnecessary root pr... (Oct 16, 2025)
This vulnerability in Online Library Management System v3.0 allows attackers to escalate privileges through the adminlogin.php component. Attackers ca... (Sep 16, 2025)
This vulnerability allows remote attackers to execute arbitrary commands as root on Toshiba printers via SNMP using the private community string. Atta... (Jun 14, 2024)
This vulnerability allows remote attackers to execute arbitrary code on Saphira Connect systems by exploiting unnecessary privilege execution. It affe... (Sep 15, 2023)
This vulnerability in Eclipse Openj9 allows attackers to bypass Java access controls by using MethodHandles to invoke interface methods that should be... (Oct 25, 2021)
This vulnerability in GitLab allows attackers to trigger CI/CD pipelines as another user under specific conditions, potentially leading to unauthorize... (Feb 13, 2025)
CVE-2025-67510 is a critical SQL injection vulnerability in the Neuron AI framework's MySQLWriteTool that allows arbitrary SQL execution. This enables... (Dec 10, 2025)
This vulnerability allows a locally authenticated user on affected IBM Security Verify Access systems to escalate their privileges to root due to impr... (Oct 6, 2025)
This vulnerability in the Tuya Smart Life App allows attackers to gain unauthorized control over Matter-compatible smart devices without requiring ele... (Sep 16, 2025)
This vulnerability in APIML Spring Cloud Gateway allows attackers to bypass authentication by exploiting Zowe's client certificate signing mechanism. ... (Jul 17, 2024)
A local privilege escalation vulnerability in TeleControl Server Basic allows attackers with local access to execute arbitrary code with elevated priv... (Jan 13, 2026)
This vulnerability allows attackers with database access to execute commands with unnecessary privileges, potentially expanding control from the datab... (Dec 12, 2025)
This vulnerability in F5OS-A and F5OS-C systems allows authenticated attackers with local access to escalate privileges and potentially cross security... (Oct 15, 2025)
This CVE describes a logic error in Android's SELinux implementation that allows local privilege escalation without user interaction. Attackers can by... (Aug 26, 2025)
This vulnerability allows authenticated attackers to bypass CLI restrictions and gain root shell access on Ruckus wireless controllers. Attackers can ... (Jul 21, 2025)
Dell SmartFabric OS10 Software contains an execution with unnecessary privileges vulnerability that allows low-privileged remote attackers to elevate ... (Mar 17, 2025)
This vulnerability in Defense Platform Home Edition allows attackers to escalate privileges to SYSTEM level on Windows systems through specific operat... (Feb 6, 2025)
This CVE allows the www-data user (typically used by web servers) to escalate privileges to root via sudo misconfiguration that permits passwordless e... (Dec 11, 2024)
This vulnerability in Cisco AsyncOS for Secure Web Appliance allows authenticated local attackers with guest credentials to execute arbitrary commands... (Jul 17, 2024)
This vulnerability allows remote attackers to escalate privileges on affected Grandstream GXP14XX and GXP16XX VoIP phones by exploiting incorrect acce... (Mar 9, 2024)
CVE-2023-46360 is a privilege escalation vulnerability in Hardy Barth cPH2 eCharge charging stations that allows attackers to execute commands with un... (Feb 6, 2024)
This vulnerability in SEL-5037 SEL Grid Configurator allows attackers to execute system commands with highest privileges (root/admin). It affects all ... (Aug 31, 2023)
CVE-2021-3100 is a privilege escalation vulnerability in AWS's Apache Log4j hotpatch package. It allows attackers to gain elevated permissions by expl... (Apr 19, 2022)
This vulnerability is an incomplete fix for CVE-2021-3100 in Apache Log4j hotpatch packages. It allows attackers to escalate privileges by exploiting ... (Apr 19, 2022)
This privilege escalation vulnerability in Siemens RUGGEDCOM ROX industrial routers allows attackers to gain root access on affected devices. It affec... (Sep 14, 2021)
This vulnerability allows authenticated attackers with resource administrator privileges to bypass tmsh restrictions and gain bash shell access on BIG... (Oct 15, 2025)
This vulnerability allows authenticated attackers with resource administrator privileges to execute arbitrary system commands with elevated permission... (Oct 15, 2025)
This vulnerability allows a malicious macOS application to escape its sandbox restrictions, potentially accessing system resources or other applicatio... (Jun 10, 2024)
CVE-2024-1222 is an authorization bypass vulnerability in PaperCut NG/MF that allows attackers to elevate privileges through specially crafted API req... (Mar 14, 2024)
This vulnerability in IBM Backup, Recovery and Media Services for i allows users with program compilation or restoration privileges to escalate their ... (Jun 14, 2025)
This CVE describes a privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i operating systems. An attacker with comman... (May 17, 2025)
CVE-2026-21882 is a local privilege escalation vulnerability in theshit command-line utility that allows attackers to gain root privileges by exploiti... (Mar 2, 2026)
This vulnerability in Radiometer medical analyzers allows attackers with physical access to extract credential information due to insufficient credent... (Dec 17, 2025)
This vulnerability allows authenticated attackers to escape the restricted SSH shell on Mitrastar GPT-2741GNAC-N2 devices and gain root shell access. ... (Aug 26, 2025)
This CVE describes a local privilege escalation vulnerability in IBM Hardware Management Console for Power Systems. A local authenticated user can exe... (Apr 22, 2025)
This vulnerability in IBM Security Verify Access Docker allows local users to escalate their privileges by exploiting unnecessary privilege execution.... (May 31, 2024)
This vulnerability allows a non-privileged local user on affected IBM AIX and VIOS systems to exploit a flaw in the invscout command to execute arbitr... (May 16, 2024)
This vulnerability in SnapCenter allows authenticated unprivileged users to escalate their privileges to administrative access. It affects SnapCenter ... (Oct 12, 2023)
This vulnerability allows a ring 0 attacker to exploit an SMM callout in the AmdPlatformRasSspSmm driver to modify boot services handlers, potentially... (Feb 11, 2025)
The Argo Workflows Helm Chart prior to version 0.44.0 grants excessive Kubernetes privileges to workflow roles, specifically the ability to execute co... (Nov 21, 2024)
This vulnerability in Oracle Solaris Zones allows a high-privileged attacker with local access to compromise the entire Solaris system, potentially le... (Apr 16, 2024)
This vulnerability allows authenticated attackers in GitLab to execute arbitrary CI/CD pipelines under another user's context, potentially accessing s... (Sep 30, 2023)
About CWE-250 (CWE-250)
Our database tracks 147 CVEs classified as CWE-250, with 18 rated critical and 96 rated high severity. The average CVSS score for CWE-250 vulnerabilities is 7.7.
External reference: View CWE-250 on MITRE CWE →