MITRE and CISA Release 2025 Top 25 Most Dangerous Software Weaknesses
MITRE, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the Homeland Security Systems Engineering and Development Institute (HSSEDI), has published the 2025 list of the Top 25 Most Dangerous Software Weaknesses. This annual ranking is based on the analysis of over 39,000 CVE records from June 2024 to June 2025, scoring each weakness by severity and frequency. The list highlights critical software flaws such as Cross-Site Scripting (CWE-79), SQL Injection (CWE-89), and Cross-Site Request Forgery (CWE-352), with notable changes in rankings and several new entries including various buffer overflows and improper access control issues.
CISA emphasizes the importance of this list for organizations aiming to reduce vulnerabilities, improve cost efficiency by addressing weaknesses early in the software lifecycle, and strengthen trust through Secure by Design principles. The Top 25 serves as a guide for developers, product teams, and consumers to prioritize mitigation efforts, make informed purchasing decisions, and adopt secure engineering practices to protect against the most commonly exploited software weaknesses.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
MITRE details methodology and findings behind the 2025 Top 25
MITRE said the 2025 rankings were based on analysis of more than 39,000 CVEs disclosed between June 2024 and June 2025, with Cross-Site Scripting (CWE-79) remaining the top weakness. The published findings also highlighted ranking changes and new entries involving buffer overflows, authorization, authentication, and null pointer dereference issues.
CISA, HSSEDI, and MITRE release the 2025 CWE Top 25 list
CISA, in partnership with HSSEDI and MITRE, released the 2025 CWE Top 25 Most Dangerous Software Weaknesses, an annual ranking of the software flaws most commonly exploited by attackers. The list is intended to help organizations prioritize remediation, secure software development, testing, and procurement decisions.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
The case for fixing CWE weakness patterns instead of patching one bug at a time - Help Net Security
helpnetsecurity.com
Open sourceMITRE shares 2025's top 25 most dangerous software weaknesses
bleepingcomputer.com
Open source2025 CWE Top 25 Most Dangerous Software Weaknesses
cisa.gov
Open source2025 CWE Top 25 Most Dangerous Software Weaknesses
cwe.mitre.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Persistent Software Weaknesses Highlighted by MITRE and the Role of Vulnerability Databases
MITRE’s 2025 CWE Top 25 Most Dangerous Software Weaknesses report reveals that foundational coding errors, such as cross-site scripting and SQL injection, continue to be the primary causes of real-world breaches. Despite advancements in security tools, DevSecOps practices, and increased awareness, the same core weaknesses are repeatedly exploited, underscoring a systemic failure to address root causes in software development. The report emphasizes that organizations focusing solely on patching individual CVEs without addressing underlying CWEs remain vulnerable to recurring threats, as these weaknesses represent the fundamental flaws attackers leverage most frequently. Vulnerability databases play a critical role in cataloging known software vulnerabilities, but they are not comprehensive and often suffer from delayed updates and incomplete coverage. Transparency in vulnerability disclosure is essential for trust, yet many vulnerabilities remain unregistered due to complex reporting processes and disincentives for public disclosure. Security professionals are advised to use vulnerability databases as one tool among many, recognizing their limitations and the importance of proactive security testing and defense-in-depth strategies to mitigate risks from persistent software weaknesses.
Mar 21, 2026
OWASP Top 10 2025 Release and Key Changes
The Open Worldwide Application Security Project (OWASP) unveiled the 2025 edition of its Top 10 list of critical risks to web applications at the Global AppSec conference in Washington, D.C. This update, the first since 2021, reflects a significant shift in focus from individual code-level vulnerabilities to broader, systemic risks. Notable changes include the merging and redefinition of previous categories, the elevation of Security Misconfiguration to the second position, and the introduction of a new risk: "Mishandling of Exceptional Conditions." The list is the result of a community-driven process involving extensive data analysis and industry feedback, and is intended as a starting point for organizations to build robust security programs. Industry experts highlight that the 2025 Top 10 is now more aligned with the concerns of CISOs and security leaders, emphasizing risks such as software supply chain failures and security misconfigurations. The inclusion of these categories reflects the growing importance of third-party software and deployment practices in the modern threat landscape. While the list serves as a guide for prioritizing risk, it is not meant to be a compliance checklist but rather a strategic tool for organizations to address the most pressing security challenges in web application development and deployment.
Mar 21, 2026
Critical Vulnerabilities and Exploitation Trends in 2025
Security researchers highlighted several high-impact vulnerabilities that shaped the threat landscape in 2025, including unauthenticated remote code execution flaws in widely used platforms such as React Server Components (CVE-2025-55182), SAP NetWeaver (CVE-2025-31324), PAN-OS (CVE-2025-0108), Cisco IOS XE (CVE-2025-20188), and Erlang/OTP SSH (CVE-2025-32433). These vulnerabilities were notable for their rapid exploitation following public disclosure, with attackers leveraging unauthenticated access and broad software reach to maximize impact. The year saw a shift in attacker focus, with perimeter devices and enterprise software becoming primary entry points, and defenders were forced to respond quickly as the window between disclosure and exploitation narrowed. In December 2025, Microsoft released one of its lightest Patch Tuesday updates, addressing 56 new CVEs. Despite the lower volume, security experts emphasized the importance of prioritizing vulnerabilities that were already exploited, publicly disclosed, or rated as critical with a high likelihood of exploitation. The analysis provided actionable intelligence for defenders, including technology-specific threat insights and resources for mitigating risk. The convergence of these trends underscored the need for rapid vulnerability management and highlighted recurring blind spots in enterprise defense strategies.
Mar 21, 2026