CWE-648: Incorrect Use of Privileged APIs
low-risk
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
Abstraction: Base
Common Consequences
Access Control → Gain Privileges or Assume Identity
Confidentiality → Read Application Data
Integrity → Execute Unauthorized Code or Commands
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2019-14813 | 9.8 | 8.5% | — |
| CVE-2025-54769 | 8.8 | 6.1% | — |
| CVE-2024-8785 | 9.8 | 4.0% | — |
| CVE-2019-1010178 | 9.8 | 2.4% | — |
| CVE-2019-14811 | 7.8 | 1.7% | — |
| CVE-2019-3835 | 5.5 | 1.6% | — |
| CVE-2019-3838 | 5.5 | 1.4% | — |
| CVE-2024-11068 | 9.8 | 1.2% | — |
| CVE-2023-29507 | 9.1 | 0.9% | — |
| CVE-2024-46978 | 6.5 | 0.8% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal