Class · Draft

CWE-424: Improper Protection of Alternate Path

Category: other

Description

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity

Potential mitigations · 1

  • [Architecture and Design] Deploy different layers of protection to implement security in depth.

Related CAPEC attack patterns · 2

  • CAPEC-127
  • CAPEC-554

References

  1. https://cwe.mitre.org/data/definitions/424.html

Exploits (incoming) · 2

  Type           Target                              Confidence  Tier
  AttackPattern  Functionality Bypass (capec-554)    100%        live
  AttackPattern  Directory Indexing (capec-127)      100%        live

(incoming) · 3

  Type           Target                                                                                   Confidence  Tier
  Vulnerability  CVE-2025-48827 (cve-2025-48827)                                                          0%          live
  Vulnerability  CVE-2025-48828 (cve-2025-48828)                                                          0%          live
  KEVEntry       Yiiframework Yii Improper Protection of Alternate Path Vulnerability (kev-cve-2024-58136)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Access Control
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Unprotected Primary Channel
  • CWE: Weak Authentication
  • CWE: Improper Isolation or Compartmentalization
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.