CWE-552 describes a weakness where files or directories are exposed to external parties that should not be able to access them. This can happen through overly permissive permissions, weak path handling, shared folders, or application logic that treats local artifacts as trusted when they are not. The result is not always code execution; sometimes the risk is disclosure, spoofing, or manipulation of what a user or client believes is legitimate.
In cyber security, this matters because many attacks succeed by abusing trust in local state. If an attacker can read or place files in an exposed directory, they may steal sensitive data, alter configuration, or plant content that misleads a user interface. Defenders look for least-privilege file permissions, secure defaults, strong access control on shared devices, and validation of any local file or directory used by an application. Good endpoint hygiene and careful trust boundaries help prevent this weakness from becoming an attack path.