2022 CWE Top 25 Most Dangerous Software Weaknesses

CWE Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


CWE Top 25 Most Dangerous Software Weaknesses


Welcome to the 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common and impactful software weaknesses.

Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.


The CWE Top 25 Most Dangerous Software Weaknesses List highlights the most severe and prevalent weaknesses behind the 39,080 Common Vulnerabilities and Exposures (CVE™) Records in this year’s dataset. Uncovering the root causes of these vulnerabilities serves as a powerful guide for investments, policies, and practices to prevent these vulnerabilities from occurring in the first place — benefiting both industry and government stakeholders.

The CWE Top 25 can help inform:

  • Vulnerability Reduction – Insights into the common root causes drive valuable feedback into vendors’ SDLC and architectural planning, helping to eliminate entire classes of defect (e.g., memory safety, injection)
  • Cost Savings – Fewer vulnerabilities in product development mean fewer issues to manage post-deployment, ultimately saving money and resources
  • Trend Analysis – Insight into data trends enables organizations to better focus security efforts
  • Exploitability Insights – Certain weaknesses, such as command injection, attract adversarial attention, enabling risk prioritization
  • Customer Trust – Transparency in how organizations address these weaknesses shows commitment to product security

The 2025 CWE Top 25 is not only a valuable resource for developers and security professionals, but it also serves as a strategic guide for organizations aiming to make informed decisions in software, security, and risk management investments.


Page Last Updated: December 10, 2025

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
