
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities


XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it into the Top 25.

The MITRE Corporation has released an updated Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list to reflect the latest changes in the threat landscape.

Cross-site scripting (XSS) vulnerabilities kept the top spot in the list, followed by SQL injection and cross-site request forgery (CSRF), each up one position from last year.

Missing authorization landed fourth in the 2025 CWE Top 25 list, up five positions. Out-of-bounds write placed fifth, dropping two places.

The top 10 also includes path traversal, use-after-free, out-of-bounds read, OS command injection, and code injection vulnerabilities.

There are six new entries in the Top 25 this year, including four CWEs that were not ranked in the list’s previous installments.

These include three buffer overflow weaknesses (classic on 11, stack-based ...


Copyright of this story solely belongs to SecurityWeek.