ClassIncomplete

CWE-405Asymmetric Resource Consumption (Amplification)

Category: logic

Description

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric." This can lead to poor performance due to "amplification" of resource consumption, typically in a non-linear fashion. This situation is worsened if the product allows malicious users or attackers to consume more resources than their access level permits.

Common consequences· 1

  • Availability — DoS: Amplification, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)
    Sometimes this is a factor in "flood" attacks, but other types of amplification exist.

Potential mitigations· 3

  • [Architecture and Design]An application must make resources available to a client commensurate with the client's access level.
  • [Architecture and Design]An application must, at all times, keep track of allocated resources and meter their usage appropriately.
  • [System Configuration]Consider disabling resource-intensive algorithms on the server side, such as Diffie-Hellman key exchange.

References

  1. https://cwe.mitre.org/data/definitions/405.html

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-53633cve-2025-536330%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Insufficient Control of Network Message Volume (Network Amplification)
CWE
Incorrect Synchronization
CWE
Improper Resource Locking
CWE
Missing Synchronization
CWE
Insufficient Resource Pool
CWE
Uncontrolled Resource Consumption
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.