Base · Draft

CWE-325: Missing Cryptographic Step

Category: other

Description

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Common consequences · 3

  • Access Control — Bypass Protection Mechanism
  • Confidentiality / Integrity — Read Application Data, Modify Application Data
  • Accountability / Non-Repudiation — Hide Activities

Related CAPEC attack patterns · 1

CAPEC-68

References

  1. https://cwe.mitre.org/data/definitions/325.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Subvert Code-signing Facilities (capec-68) | 100% | live

(incoming) · 2

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-3938 (cve-2025-3938) | 0% | live
Vulnerability | CVE-2026-4601 (cve-2026-4601) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Critical Step in Authentication
  • CWE: Use of a Broken or Risky Cryptographic Algorithm
  • CWE: Inadequate Encryption Strength
  • CWE: Improperly Implemented Security Check for Standard
  • CWE: Improper Verification of Cryptographic Signature
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.