@cweprogram.bsky.social
Account maintained by the Common Weakness Enumeration (CWE™) Program to update the community on CWE-related announcements. https://cwe.mitre.org
Tree Map of the https://cwe.mitre.org/top25/archive/2025/2025_kev_list.html
Want to know the top ten #CWEs in CISA’s “Known Exploited Vulnerabilities (#KEV) Catalog”?
The “2025 CWE Top 10 KEV Weaknesses” list is now available on the CWE website!
List - cwe.mitre.org/top25/archiv...
Key Insights - cwe.mitre.org/top25/archiv...
Methodology - cwe.mitre.org/top25/archiv...
15 CWEs were “On the Cusp” of making the “2025 #CWE Top 25 Most Dangerous Software Weaknesses” list.
These CWEs continue to be prevalent & severe enough to cause concern.
See the “2025 On the Cusp” list here: cwe.mitre.org/top25/archiv...
Root Cause Mapping Working Group (RCM WG) members — Reminder that our next meeting is Wednesday, 1/21/2026, at 012:00 - 01:00 PM EST
Topic:
- CWE ChatBot
About RCM WG: cwe.mitre.org/community/wo...
#CWE #CVE
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 1/16/2026, at 12:30-1:30 PM EST (16:30 – 17:30 UTC)
Topic:
- HW CWE Completeness
Join #HW SIG: bit.ly/3SCkqyk
Common Weakness Enumeration (CWE™) Version 4.19 now available!
#CWE 4.19 is now available! This latest release includes 1 new view to support the release of the “2021 CWE Top 25 Most Dangerous Software Weaknesses,” 1 new view for the “OWASP Top Ten 2025,” + continued CWE content usability improvements
cwe.mitre.org/news/archive...
The "2025 CWE Top 25 Most Dangerous Software Weaknesses" list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
The 2025 #CWE Top 25 Most Dangerous #Software Weaknesses list is now available!
See the the most severe and prevalent weaknesses behind the 39,080 #CVE Records in this year’s dataset. Take a look and share your thoughts!
cwe.mitre.org/top25/
#CWE User Experience Working Group (UEWG) members — Reminder that our next meeting is Wednesday, 11/19/2025, at 12:00-1:00PM EST
Topic:
- CWE Corpus Completeness
Join CWE UEWG: bit.ly/3CIylfz
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 11/14/2025, at 12:30-1:30 PM EST (16:30 – 17:30 UTC)
Topic:
- Review: “Formation of RTL Weakness Ad-Hoc Working Group”
Join #HW SIG: bit.ly/3SCkqyk
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 10/10/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- Review HW submission: “Improper Request Propagation before Data Reception in Write Transactions in a Bus Architecture”
Join #HW SIG: bit.ly/3SCkqyk
New on the #CWE Blog:
“2025 CWE™ Most Important Hardware Weaknesses” Now Available
medium.com/@CWE_CAPEC/2...
#hardware #hw #informationtechnology #informationsecurity #cybersecurity
New Common Weakness Enumeration (CWE™) List Version Released!
#CWE 4.18 is now available! This latest release includes 1 new view related to the recently released “2025 Most Important Hardware Weaknesses,” 1 new AI weakness, usability improvements for 14 CWE entries including diagrams & more
cwe.mitre.org/news/archive...
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 9/12/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- CWE Gaps Identified in Most Important Hardware Weaknesses (MIHW) Analysis
Join #HW SIG: bit.ly/3SCkqyk
The “2025 CWE Most Important Hardware Weaknesses”
cycuity.com/type/blog/th...
#cwe #cybersecurity #infosec #hardwaresecurity #hw #hardware
"MITRE updates list of top hardware security blunders"
securityboulevard.com/2025/08/cybe...
#cwe #cybersecurity #infosec #hw #hardware
MITRE Updates List of Most Common Hardware Weaknesses
www.securityweek.com/mitre-update...
#cwe #cybersecurity #infosec #hw #hardware
#CWE User Experience Working Group (UEWG) members — Reminder that our next meeting is tomorrow, Wednesday, 8/27/2025, at 12:00-1:00PM EDT
Topics:
- Weakness Remediation
- CWE Survey Updates
- Open Discussion
Join CWE UEWG: bit.ly/3CIylfz
Logo image of the CWE™ "2025 Most Important Hardware Weaknesses (MIHW)," which empowers organizations with the knowledge to proactively strengthen hardware security and reduce risks at the source.
The #CWE “2025 Most Important Hardware Weaknesses (MIHW)” has arrived!
See what’s included, check out the new methodology, and more!
#hardware #hw cwe.mitre.org/topHW/
Check out this “We Speak CVE Podcast” about mapping the roots causes of CVEs to CWEs
youtu.be/3nNmrv4j1YE
#CWE #CVE #Vulnerability #VulnerabilityManagement #InformationSecurity #Cybersecurity
#CWE User Experience Working Group (UEWG) members — Reminder that our next meeting is tomorrow, Wednesday, 7/30/2025, at 12:00-1:00PM EDT
Topics:
- CWE Survey Ideas?
- Open Discussion
Join CWE UEWG: bit.ly/3CIylfz
Listen to Alexander Bushkin & Jeremy West of #RedHat discuss “How Do We Leverage CVE Root Cause Mapping and CWE Data to Prevent New Vulnerabilities?” in this video from #VULNCON25
youtu.be/5bRA2Qxqzd0 #CVE #CWE
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 7/11/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- HW Memory Weaknesses Working Session
Join #HW SIG: bit.ly/3SCkqyk
Vulnerability Root Cause Mapping with CWE: Challenges, Solutions, and Insights from Grounded LLM-based Analysis
Hear how the CVE Numbering Authority (#CNA) community is enhancing #CVE Records with Root Cause Mapping (RCM) of their CVEs to #CWEs, challenges & practical solutions, & how an LLM can help in this video from #VULNCON25
youtu.be/TH1tGO15K24
“Hard Problems in CWE, and What it Tells us about Hard Problems in the Industry,” presentation from “CVE/FIRST VulnCon 2025.” Speaker: CWE Program Technical Lead Steve Christey Coley.
Learn about CWE’s most important problems and where they fit within the challenges faced by the broader #vulnerabilitymanagement / #softwaresecurity ecosystem in this video from #VULNCON25
youtu.be/RcR-EFSptnQ #CVE #CWE
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 6/13/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- Continue discussion regarding Memory Access Related Weaknesses as they relate to hardware
Join HW SIG: bit.ly/3SCkqyk
All of the videos from “VulnCon 2025” are now available on YouTube!
youtube.com/playlist?lis...
#CWE #CVE #FIRST #VulnerabilityManagement #Vulnerability #Cybersecurity #InformationSecurity
#CWE User Experience Working Group (UEWG) members — Reminder that our next meeting is Wednesday, 5/28/2025, at 12:00-1:00PM EST
Topics:
- CWE and Proactive Vulnerability Management
- CWE Content Development Repository (CDR) Overview
- Open Discussion
About CWE UEWG: bit.ly/3CIylfz
Hardware #CWE SIG members—Reminder that our next meeting is Friday, 5/9/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- Memory Access Weaknesses in HW discussion
- Most Important Hardware Weaknesses Working Group (MIHW WG) update
Join HW SIG: bit.ly/3SCkqyk
Learn @ the #CWE Top 25, it’s value to defenders, & how #CVE CNAs help create the list; the purpose & benefits of mapping the root causes of vulnerabilities identified in CVE Records to CWE #weaknesses; Root Cause Mapping (RCM) tips; & much more!
www.youtube.com/watch?v=8pe6...
CVE/FIRST VulnCon: Collaborate | Communicate | Coordinate
Thank you so much to everyone who attended the #CWE talks at the #VulnCon25 conference!!!
We’re already looking forward to next year’s event!
#CVE #FIRST cwe.mitre.org
Hardware #CWE SIG members—Reminder that our next meeting is tomorrow, Friday, 4/11/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)
Topic:
- Most Important Hardware Weaknesses Working Group (MIHW WG) update
HW CWE SIG info: bit.ly/3SCkqyk
