CWE-272: Least Privilege Violation
Risk rating: low

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
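The following C program is an added example, not code from the CWE entry or from any of the listed CVEs. It shows the weakness shape beside the hardened shape: `chroot_only()` jails the process and then carries on with the root privilege that chroot() required, while `chroot_and_drop()` performs the jail step and then immediately clears supplementary groups, sets real/effective/saved gid and uid, and verifies that root cannot be regained before continuing. It assumes Linux with glibc (`setresuid`, `setresgid`, `getresuid`, `getresgid`, `setgroups`); the jail path `/var/empty` and the uid/gid 65534 in `main` are constructed values. Any `-1` from `chroot_and_drop()` after chroot() has succeeded means the process is in a half-dropped state and should exit rather than continue.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the process can (still) make itself root, 0 otherwise.
 * After a correct privilege drop this must return 0: the saved uid is
 * no longer 0, so setuid(0) has nothing to fall back on. */
int can_regain_root(void) {
    return setuid(0) == 0;
}

/* Returns 1 if real, effective and saved uid/gid all equal the given ids
 * (getresuid/getresgid are glibc/Linux extensions, hence _GNU_SOURCE). */
int privileges_are(uid_t uid, gid_t gid) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* CWE-272 shape: chroot() needs CAP_SYS_CHROOT (root), and the process
 * simply carries on as root afterwards. Returns chroot()'s result. */
int chroot_only(const char *dir) {
    return chroot(dir);   /* -1 on failure, 0 on success; privilege untouched */
}

/* Hardened shape: jail, then drop every privilege the jail step needed.
 * Order matters: groups and gid first (they need CAP_SETGID, which goes
 * away with uid 0), then uid, with the saved ids cleared so nothing can
 * be recovered later. Returns 0 only if the drop is verified. */
int chroot_and_drop(const char *dir, uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) {          /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;      /* cwd must move inside the jail */
    if (setgroups(0, NULL) != 0) return -1;        /* clear supplementary groups */
    if (setresgid(gid, gid, gid) != 0) return -1;  /* real, effective, saved gid */
    if (setresuid(uid, uid, uid) != 0) return -1;  /* real, effective, saved uid */
    if (!privileges_are(uid, gid) || can_regain_root()) {
        errno = EPERM;                   /* drop did not take: refuse to continue */
        return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed values: a jail directory and an unprivileged uid/gid.
     * Needs root to get past chroot(); as an ordinary user it reports EPERM. */
    const char *jail = "/var/empty";
    uid_t uid = 65534;
    gid_t gid = 65534;
    if (chroot_and_drop(jail, uid, gid) != 0) {
        fprintf(stderr, "chroot_and_drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running in %s as uid %u, root regainable: %d\n",
           jail, (unsigned)uid, can_regain_root());
    return 0;
}
```

The verification step at the end of `chroot_and_drop()` is the part most often left out: on Linux, `setuid()` and `setgid()` only set the saved ids when the caller is root, so a drop done with `seteuid()` or in the wrong order leaves a saved uid of 0 from which the process can quietly return to root. Checking all three ids and then attempting `setuid(0)` turns that silent failure into a hard error.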
Common Consequences
Detection Methods
According to SOAR [REF-1479], the following detection techniques may be useful:

- Cost effective for partial coverage: Compare binary / bytecode to application permission manifest
- Cost effective for partial coverage: Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria
- Highly cost effective: Manual Source Code Review (not inspections). Cost effective for partial coverage: Focused Manual Spotcheck - Focused manual analysis of source
- Cost effective for partial coverage: Source code Weakness Analyzer; Context-configured Source Code Weakness Analyzer
- Cost effective for partial coverage: Permission Manifest Analysis
- Highly cost effective: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.); Formal Methods / Correct-By-Construction. Cost effective for partial coverage: Attack Modeling
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2021-26726 | 8.8 | 1.1% | — |
| CVE-2025-8181 | 7.2 | 0.5% | — |
| CVE-2024-0798 | 6.5 | 0.1% | — |
| CVE-2024-24830 | 9.9 | 0.1% | — |
| CVE-2024-55954 | 8.7 | 0.1% | — |
| CVE-2023-28046 | 6.6 | 0.1% | — |
| CVE-2025-59106 | 8.8 | 0.1% | — |
| CVE-2024-28824 | 8.8 | 0.1% | — |
| CVE-2024-25106 | 9.1 | 0.1% | — |
| CVE-2025-7722 | 8.8 | 0.1% | — |