Base weakness

Draft

CWE-281: Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Last updated May 1, 2026

203

Recorded CVEs

With this primary weakness

1

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-281 (Improper Preservation of Permissions) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

203 recorded CVEs are caused by CWE-281 (Improper Preservation of Permissions), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 10 new CWE-281 CVEs have been recorded so far in 2026 (52 in 2025).

CVE-2024-46622

Critical · CVSS 9.8 · EPSS 43th

2025-01-06

CVE-2024-55507

Critical · CVSS 9.8 · EPSS 43th

2025-01-03

CVE-2024-54465

Critical · CVSS 9.8 · EPSS 54th

2024-12-11

CVE-2024-41646

Critical · CVSS 9.8 · EPSS 47th

2024-12-06

CVE-2024-41644

Critical · CVSS 9.8 · EPSS 47th

2024-12-06

CVE-2024-41645

Critical · CVSS 9.8 · EPSS 47th

2024-12-06

CVE-2024-41649

Critical · CVSS 9.8 · EPSS 47th

2024-12-06

CVE-2023-47463

Critical · CVSS 9.8 · EPSS 66th

2023-11-30

CVE-2020-36070

Critical · CVSS 9.8 · EPSS 61th

2023-04-26

Showing 12 of 203 recorded CWE-281 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-281 vulnerabilities

Common consequences

What can happen when CWE-281 is exploited.

Read Application Data, Modify Application Data

Affects: Confidentiality, Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

Operation

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2002-2323 — Incorrect ACLs used when restoring backups from directories that use symbolic links.
CVE-2001-1515 — Automatic modification of permissions inherited from another file system.
CVE-2005-1920 — Permissions on backup file are created with defaults, possibly less secure than original file.
CVE-2001-0195 — File is made world-readable when being cloned.

Terminology & mappings

Mapped taxonomies

PLOVER: Permission preservation failure

Frequently asked questions

Common questions about CWE-281.

What is CWE-281?

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

What CVEs are caused by CWE-281?

203 recorded CVEs are attributed to CWE-281, including CVE-2017-8543, CVE-2024-36532, CVE-2024-56973. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

What are the consequences of CWE-281?

Exploiting CWE-281 can lead to: Read Application Data, Modify Application Data.

Is CWE-281 actively exploited?

Yes. 1 CWE-281 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 203 recorded CVEs.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-281

Get alerted the moment a new CWE-281 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-281?

What CVEs are caused by CWE-281?

What are the consequences of CWE-281?

Is CWE-281 actively exploited?

References

Stay ahead of CWE-281