{
	"id": "cdc79a8a-309c-49f6-94cc-a700760236a3",
	"created_at": "2026-04-06T00:17:22.171141Z",
	"updated_at": "2026-04-10T13:11:40.530014Z",
	"deleted_at": null,
	"sha1_hash": "89f2717bc9cdb2498a1d26c20e061d3ab0876127",
	"title": "CWE Top 25 Most Dangerous Software Weaknesses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 132552,
	"plain_text": "CWE Top 25 Most Dangerous Software Weaknesses\r\nArchived: 2026-04-05 15:46:59 UTC\r\nWelcome to the 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous\r\nSoftware Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common\r\nand impactful software weaknesses.\r\nOften easy to find and exploit, these can lead to exploitable vulnerabilities that allow\r\nadversaries to completely take over a system, steal data, or prevent applications from working.\r\nThe CWE Top 25 Most Dangerous Software Weaknesses List highlights the most severe and prevalent\r\nweaknesses behind the 39,080 Common Vulnerabilities and Exposures (CVE™) Records in this year’s dataset.\r\nUncovering the root causes of these vulnerabilities serves as a powerful guide for investments, policies, and\r\npractices to prevent these vulnerabilities from occurring in the first place — benefiting both industry and\r\ngovernment stakeholders.\r\nThe CWE Top 25 can help inform:\r\nVulnerability Reduction – Insights into the common root causes drive valuable feedback into vendors’\r\nSDLC and architectural planning, helping to eliminate entire classes of defect (e.g., memory safety,\r\ninjection)\r\nCost Savings – Fewer vulnerabilities in product development mean fewer issues to manage post-deployment, ultimately saving money and resources\r\nTrend Analysis – Insight into data trends enables organizations to better focus security efforts\r\nExploitability Insights – Certain weaknesses such as command injection attract adversarial attention,\r\nenabling risk prioritization.\r\nCustomer Trust – Transparency in how organizations address these weaknesses shows commitment to\r\nproduct security\r\nThe 2025 CWE Top 25 is not only a valuable resource for developers and security professionals, but it also serves\r\nas a strategic guide for organizations aiming to make informed decisions in software, security, and 
risk\r\nmanagement investments.\r\nAlso available now:\r\n2025 CWE Top 10 KEV Weaknesses — Ranking actively exploited weaknesses by CISA’s KEV Catalog.\r\n2025 “On the Cusp” Weaknesses List – 15 additional weaknesses that were “on the cusp” of being\r\nincluded in the 2025 CWE Top 25.\r\nSource: https://cwe.mitre.org/top25/index.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cwe.mitre.org/top25/index.html"
	],
	"report_names": [
		"index.html"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434642,
	"ts_updated_at": 1775826700,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/89f2717bc9cdb2498a1d26c20e061d3ab0876127.pdf",
		"text": "https://archive.orkl.eu/89f2717bc9cdb2498a1d26c20e061d3ab0876127.txt",
		"img": "https://archive.orkl.eu/89f2717bc9cdb2498a1d26c20e061d3ab0876127.jpg"
	}
}