Base · Draft

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

Category: data-exposure

Description

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors. When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
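The following C code is an added example, not part of the CWE entry: it reports which open descriptors a program started with exec*() would inherit and sets close-on-exec on the ones that should not cross that boundary. The function names and the SCAN_LIMIT bound are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Assumption for this example: only descriptor numbers below this are scanned. */
#define SCAN_LIMIT 1024

/* 1 if fd is open and stays open in a program started with exec*(), else 0. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && (flags & FD_CLOEXEC) == 0;
}

/* Number of descriptors above stderr that an exec'd child would inherit. */
int count_inheritable(void)
{
    int n = 0;
    for (int fd = STDERR_FILENO + 1; fd < SCAN_LIMIT; fd++)
        n += survives_exec(fd);
    return n;
}

/* Set close-on-exec on every inheritable descriptor above stderr except
 * keep_fd (pass -1 to keep none). Returns how many were changed, -1 on error. */
int seal_before_exec(int keep_fd)
{
    int changed = 0;
    for (int fd = STDERR_FILENO + 1; fd < SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (fd == keep_fd || flags == -1 || (flags & FD_CLOEXEC))
            continue;
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        changed++;
    }
    return changed;
}

int main(void)
{
    int leaky = open("/dev/null", O_RDONLY);             /* inherited by default */
    int safe = open("/dev/null", O_RDONLY | O_CLOEXEC);  /* closed at exec */
    printf("leaky survives=%d, safe survives=%d\n", survives_exec(leaky), survives_exec(safe));
    int sealed = seal_before_exec(-1);
    printf("sealed %d, still inheritable %d\n", sealed, count_inheritable());
    return 0;
}
```

Passing O_CLOEXEC when the descriptor is created is the stronger habit, because a sweep like seal_before_exec() leaves a window in which another thread can fork and exec before the flag is set.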

Common consequences · 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data

References

  1. https://cwe.mitre.org/data/definitions/403.html

(incoming) · 2

Type           Target                             Confidence  Tier
Vulnerability  CVE-2025-15114 (cve-2025-15114)    0%          live
Vulnerability  CVE-2026-40042 (cve-2026-40042)    0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Release of File Descriptor or Handle after Effective Lifetime
  • CWE: Use of Expired File Descriptor
  • CWE: DEPRECATED: Uncontrolled File Descriptor Consumption
  • CWE: Allocation of File Descriptors or Handles Without Limits or Throttling
  • CWE: Process Control
  • CWE: Missing Reference to Active File Descriptor or Handle

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.