CWE-825 is a common weakness enumeration in software security. This database tracks 11 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-825?

There are 11 CVE vulnerabilities classified as CWE-825 with an average CVSS score of 7.1090909090909.

What is the severity distribution for CWE-825?

CWE-825 contains 2 critical, 3 high, 6 medium, and 0 low severity vulnerabilities.

CWE-825

Total CVEs

Vulnerabilities

Avg CVSS v3

7.1

High

Avg CVSS v2

5.6

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 2

18.2%

High 3

27.3%

Medium 6

54.5%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (11)

Page 1 of 1

CVE-2024-23310

CRITICAL

CVSS:9.8(Critical)

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary co...

CWE-8252024

CVE-2023-48694

CRITICAL

CVSS:9.8(Critical)

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer derefere...

CWE-8252023

CVE-2024-39792

HIGH

CVSS:7.5(High)

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CWE-8252024

CVE-2023-20212

HIGH

CVSS:7.5(High)

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic ...

CWE-8252023

CVE-2019-15691

HIGH

CVSS:7.2(High)

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder ...

CWE-8252019

CVE-2024-45105

MEDIUM

CVSS:6.7(Medium)

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execut...

CWE-8252024

CVE-2025-30653

MEDIUM

CVSS:6.5(Medium)

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service ...

CWE-8252025

CVE-2024-23638

MEDIUM

CVSS:6.5(Medium)

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This proble...

CWE-8252024

CVE-2024-28889

MEDIUM

CVSS:5.9(Medium)

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Managem...

CWE-8252024

CVE-2024-8250

MEDIUM

CVSS:5.5(Medium)

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

CWE-8252024

CVE-2021-25443

MEDIUM

CVSS:5.3(Medium)

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.

CWE-8252021