News & Events - 2025

Send feedback about this page to cwe@mitre.org.

CWE Version 4.17 Now Available
April 3, 2025

CWE Version 4.17 has been posted on the CWE List page to add 3 new weaknesses and make usability improvements to 20 additional weakness entry pages, among other updates. A detailed report is available that lists specific changes between Version 4.16 and Version 4.17.

Main Changes

CWE 4.17 includes 3 new weaknesses for “Reliance on HTTP instead of HTTPS,” “Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface,” and “Driving Intermediate Cryptographic State/Results to Hardware Module Outputs”; major updates to the AI-related “Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism” weakness; addition of affected languages to many demonstrative examples; miscellaneous changes to various CWE entries under less-analyzed subtrees; and many other changes related to “usability” (see the “Usability Improvements” section below for details).

Three new weaknesses added:
Major updates to an AI-related weakness:
Usability Improvements
Schema Changes

There were no schema updates.

Summary

There are 943 weaknesses and a total of 1,432 entries on the CWE List. Changes for the new version include the following:
See the complete list of changes at https://cwe.mitre.org/data/reports/diff_reports/v4.16_v4.17.html.

Future updates will be noted here, on the CWE Research email discussion list, on the CWE page on LinkedIn, on CWE on X, on CWE on Mastodon, and on CWE on Bluesky. Please contact us with any comments or concerns.

“2024 CWE Top 10 KEV Weaknesses” List Now Available
April 3, 2025

The “2024 CWE Top 10 KEV Weaknesses” list, which lists the top ten CWEs in the Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities (KEV) Catalog,” is now available on the CWE website.

The KEV is a database of security flaws in software applications and weaknesses that have been exposed and leveraged by attackers. Each vulnerability listed in KEV is identified by, and links to, a CVE Record. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.

Our analysis/key insights about the 2024 Top 10 KEV Weaknesses list are available here, and our methodology for creating the list is here.

View the full CWE Top 10 KEV list here.

View and Comment on Community Submissions in the “CWE Content Development Repository (CDR)”
April 3, 2025

The CWE Program is excited to announce that the “CWE Content Development Repository (CDR),” hosted on GitHub, is now fully public. The CDR enables the broader community to view, track, and contribute to the enhancement of the CWE corpus. This means greater transparency into the CWE working queue and further community collaboration in developing new CWE entries and modifying existing entries.

Content suggestions begin with the CWE Submission Form. Once processed, these submissions are transferred to the CDR public repository, allowing the entire CWE community to view and comment on them as they progress through various stages of development.

Interested? Check out the CDR’s README and the Guidelines for Content Submissions for more details and to better understand the process. All CWE content submissions must adhere to the CWE Terms of Use.

CWE Is Focus of Four Talks at VulnCon 2025
April 3, 2025

CWE is the main focus of four talks at CVE/FIRST VulnCon 2025 being held at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025:
Feel free to contact us on CWE social media or at cwe@mitre.org with any feedback about these presentations.

Follow the CWE Program on Bluesky
April 3, 2025

The CWE Program is now on Bluesky! Please follow us for program news, new versions, updates on community activities, and more at @cweprogram.bsky.social.