Variant · Draft

CWE-422: Unprotected Windows Messaging Channel ('Shatter')

Category: other

Description

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Common consequences (1)

  • Access Control — Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential mitigations (1)

  • [Architecture and Design] Always verify and authenticate the source of the message.

References

  1. https://cwe.mitre.org/data/definitions/422.html

Incoming relations (2)

  Type           Target                             Confidence  Tier
  Vulnerability  CVE-2025-20094 (cve-2025-20094)    0%          live
  Vulnerability  CVE-2025-22894 (cve-2025-22894)    0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Unprotected Primary Channel
  • CWE: Improper Verification of Source of a Communication Channel
  • CWE: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • CWE: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE: Race Condition During Access to Alternate Channel
  • CWE: Insufficiently Protected Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.