Cyber Resilience

CWE-281: Improper Preservation of Permissions

Abstraction: Base · CVEs in our corpus: 335

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Last updated: 04 July 2026 14:16 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 7 mappings from 4 frameworks: ATT&CK 3 (partial) · STIG Windows Server 2022 2 (partial) · STIG Windows Server 2019 1 (mostly) · OWASP-Web 1 (mostly)

OWASP Top 10 for Web (2025)

This weakness contributes to A01:2025 Broken Access Control.

NIST 800-53 r5 controls that address this weakness (1) · AI

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| PS-5 | Personnel Transfer | PS | Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights. |

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2017-8543 (KEV) | 10.0 | 9.8 | 0.7376 | 2017-06-15 |
| CVE-2019-0233 | 8.0 | 7.5 | 0.6876 | 2020-09-14 |
| CVE-2017-8589 | 7.0 | 9.8 | 0.2616 | 2017-07-11 |
| CVE-2018-4115 | 7.0 | 9.8 | 0.0230 | 2018-04-03 |
| CVE-2020-10083 | 7.0 | 9.1 | 0.0108 | 2020-03-13 |
| CVE-2020-18890 | 7.0 | 9.8 | 0.0152 | 2021-05-06 |
| CVE-2021-29971 | 7.0 | 9.8 | 0.0102 | 2021-08-05 |
| CVE-2023-28668 | 7.0 | 9.8 | 0.0083 | 2023-04-02 |
| CVE-2021-33990 | 7.0 | 9.8 | 0.1192 | 2023-04-16 |
| CVE-2020-36070 | 7.0 | 9.8 | 0.0108 | 2023-04-26 |
| CVE-2023-34034 | 7.0 | 9.1 | 0.0347 | 2023-07-19 |
| CVE-2023-48240 | 7.0 | 9.0 | 0.0071 | 2023-11-20 |
| CVE-2023-47463 | 7.0 | 9.8 | 0.0128 | 2023-11-30 |
| CVE-2024-36532 | 7.0 | 10.0 | 0.0045 | 2024-06-21 |
| CVE-2024-41644 | 7.0 | 9.8 | 0.0068 | 2024-12-06 |
| CVE-2024-41645 | 7.0 | 9.8 | 0.0068 | 2024-12-06 |
| CVE-2024-41646 | 7.0 | 9.8 | 0.0068 | 2024-12-06 |
| CVE-2024-41648 | 7.0 | 9.8 | 0.0047 | 2024-12-06 |
| CVE-2024-41649 | 7.0 | 9.8 | 0.0068 | 2024-12-06 |
| CVE-2024-41650 | 7.0 | 9.8 | 0.0047 | 2024-12-06 |
| CVE-2024-54465 | 7.0 | 9.8 | 0.0086 | 2024-12-12 |
| CVE-2024-55507 | 7.0 | 9.8 | 0.0059 | 2025-01-03 |
| CVE-2024-46622 | 7.0 | 9.8 | 0.0057 | 2025-01-06 |
| CVE-2024-54879 | 7.0 | 9.1 | 0.0091 | 2025-01-06 |
| CVE-2024-54880 | 7.0 | 9.1 | 0.0087 | 2025-01-06 |