Common Weakness Enumeration

	Welcome to the 2023 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
	2023 Top 25 List	Key Insights	Methodology

CWEs are becoming more and more prevalent in vulnerability exposure conversations as the community looks to avoid the root causes that can become vulnerabilities. Links to information and documents that will help you understand and use the CWE Top 25 more effectively are noted below.

Available now:

• Stubborn Weaknesses in the CWE Top 25 — 15 weaknesses that have been present on every list from 2019-2023 with potential mitigations.
• Trends in Real-World CWEs: 2019 to 2023 — A discussion of overall trends and what it means for your IT infrastructure.
• 2023 “On the Cusp” Weaknesses List — 15 additional weaknesses that were “on the cusp” of being included in the 2023 CWE Top 25.
• 2023 On the Cusp Weaknesses Insights — A discussion about the On the Cusp CWEs that continue to be prevalent and severe enough to cause concern.

Coming soon:

• Actively Exploited — Ranking weaknesses by CISA’s KEV Catalog.

Top 25 Archive