Common Weakness Enumeration

	Welcome to the 2023 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
	2023 Top 25 List	Key Insights	Methodology

CWEs are becoming more and more prevalent in vulnerability exposure conversations as the community looks to avoid the root causes that can become vulnerabilities. Links to information and documents that will help you understand and use the CWE Top 25 more effectively are noted below. Additional information will be added throughout the summer of 2023.

Available now:

• Stubborn Weaknesses in the CWE Top 25 — 15 weaknesses that have been present on every list from 2019-2023.
• Trends in Real-World CWEs: 2019 to 2023 — A discussion of overall trends and what it means for your IT infrastructure.
• 2023 “On the Cusp” Weaknesses List — 15 additional weaknesses that were “on the cusp” of being included in the 2023 CWE Top 25.
• 2023 On the Cusp Weaknesses Insights — A discussion about the On the Cusp CWEs that continue to be prevalent and severe enough to cause concern.

Topics to look for in the coming months include:

• Actively Exploited — Ranking weaknesses by CISA’s KEV Catalog.
• CWEs and Root-Cause Mapping — The path to clarifying sources of vulnerabilities as we as a community work to eradicate vulnerabilities from your IT infrastructure.
• CWE Top 25 Remapping Notes — The team’s root cause mapping analysis comments by CVE Record.

Top 25 Archive