Variant · Draft

CWE-298: Improper Validation of Certificate Expiration

Category: other

Description

A certificate expiration is not validated or is incorrectly validated.

Common consequences · 2

  • Integrity / Other — Other
    The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.
  • Authentication / Other — Other
    Trust may be assigned to certificates that have been abandoned due to age.

Potential mitigations · 2

  • [Architecture and Design] Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.
  • [Implementation] If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.
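The two mitigations above are illustrated by the following Go example, added here as an editorial illustration rather than code from MITRE or from any product the entry references. It generates a self-signed test certificate in memory (constructed material; the hypothetical host name "pinned.example" and the one-year-old validity window are assumptions), shows an explicit validity-window check that reports which side of the window failed, and contrasts a pin-only check, which accepts an expired certificate because its key still matches, with a pinned check that also runs full chain validation against an explicit clock.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrExpired     = errors.New("certificate has expired")
	ErrNotYetValid = errors.New("certificate is not yet valid")
	ErrPinMismatch = errors.New("certificate public key does not match pin")
)

// MakeSelfSigned builds a self-signed test certificate for cn whose validity
// window is [notBefore, notAfter]. Constructed test material only: the private
// key is discarded, so this is neither a real CA nor a real host.
func MakeSelfSigned(cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewRootPool wraps the given certificates as trust anchors.
func NewRootPool(certs ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c)
	}
	return pool
}

// CheckValidityWindow is the explicit expiry check. The clock is a parameter so
// the check is testable and the caller cannot silently depend on a skewed host
// clock; the error says which bound failed, which is what a user needs to see.
func CheckValidityWindow(cert *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) {
		return fmt.Errorf("%w (notBefore %s, now %s)", ErrNotYetValid,
			cert.NotBefore.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	if now.After(cert.NotAfter) {
		return fmt.Errorf("%w (notAfter %s, now %s)", ErrExpired,
			cert.NotAfter.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	return nil
}

// SPKIPin returns the hex SHA-256 of the SubjectPublicKeyInfo, the usual pin value.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// VerifyPinnedWeak is the mistake the second mitigation warns about: a matching
// pin is taken as proof of trust, so an expired certificate carrying the pinned
// key is still accepted.
func VerifyPinnedWeak(cert *x509.Certificate, expectedPin string) error {
	if SPKIPin(cert) != expectedPin {
		return ErrPinMismatch
	}
	return nil
}

// VerifyPinned checks the pin and then runs full validation (name, chain of
// trust, validity window) against the supplied clock. Pinning narrows which
// keys are acceptable; it never replaces validation.
func VerifyPinned(cert *x509.Certificate, expectedPin, host string, roots *x509.CertPool, now time.Time) error {
	if SPKIPin(cert) != expectedPin {
		return ErrPinMismatch
	}
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, CurrentTime: now})
	return err
}

// IsExpiredError reports whether a Verify failure was specifically the validity
// window, so the caller can tell the user the actual problem.
func IsExpiredError(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

func main() {
	now := time.Now()
	host := "pinned.example" // hypothetical name, constructed for the demo
	expired, err := MakeSelfSigned(host, now.Add(-2*365*24*time.Hour), now.Add(-365*24*time.Hour))
	if err != nil {
		panic(err)
	}
	pin := SPKIPin(expired)
	fmt.Println("pin-only check:", VerifyPinnedWeak(expired, pin))
	fmt.Println("explicit check:", CheckValidityWindow(expired, now))
	err = VerifyPinned(expired, pin, host, NewRootPool(expired), now)
	fmt.Println("pinned + full validation:", err, "| expiry failure:", IsExpiredError(err))
}
```

Run stand-alone, the pin-only check prints a nil error for the year-old certificate while the other two checks reject it, and IsExpiredError lets the caller distinguish expiry from a name or chain failure when deciding what to tell the user.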

References

  1. https://cwe.mitre.org/data/definitions/298.html

Incoming links · 2

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-67108 | 0% | live
Vulnerability | CVE-2025-67109 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Certificate Validation
  • CWE: Improper Validation of Certificate with Host Mismatch
  • CWE: Improper Following of a Certificate's Chain of Trust
  • CWE: Missing Validation of OpenSSL Certificate
  • CWE: Improper Verification of Cryptographic Signature
  • CWE: Improper Check for Certificate Revocation

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.