2025 Apr 30;11:e2821. doi: 10.7717/peerj-cs.2821

Table A3. CWE Top 25:2023 list-II (MITRE, 2023).

| Rank | CWE Top 25:2023 | Brief description |
|------|-----------------|-------------------|
| 14 | CWE-190: Integer Overflow or Wraparound | This occurs when an integer operation results in a value that is too large or too small to be represented, potentially leading to unexpected behavior or vulnerabilities. |
| 15 | CWE-502: Deserialization of Untrusted Data | This occurs when untrusted data is deserialized, potentially leading to arbitrary code execution or other malicious outcomes. |
| 16 | CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) | This allows attackers to inject malicious commands into a system command, leading to arbitrary command execution. |
| 17 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | This occurs when operations on a memory buffer exceed its bounds, potentially leading to memory corruption or code execution. |
| 18 | CWE-798: Use of Hard-coded Credentials | This occurs when credentials (e.g., passwords or keys) are hard-coded into the application, making them easily discoverable by attackers. |
| 19 | CWE-918: Server-Side Request Forgery (SSRF) | This occurs when an attacker can induce a server to make unauthorized requests to internal or external resources. |
| 20 | CWE-306: Missing Authentication for Critical Function | This occurs when a critical function does not require authentication, allowing unauthorized users to perform sensitive actions. |
| 21 | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) | This occurs when multiple threads or processes access a shared resource without proper synchronization, potentially leading to unexpected behavior or vulnerabilities. |
| 22 | CWE-269: Improper Privilege Management | This occurs when privileges are not properly managed, allowing users to gain unauthorized access to sensitive functions or data. |
| 23 | CWE-94: Improper Control of Generation of Code (‘Code Injection’) | This occurs when an application dynamically generates code without proper validation, allowing attackers to inject malicious code. |
| 24 | CWE-863: Incorrect Authorization | This occurs when an application incorrectly enforces authorization, allowing unauthorized users to access restricted resources. |
| 25 | CWE-276: Incorrect Default Permissions | This occurs when default permissions are set incorrectly, potentially allowing unauthorized access to files or resources. |