Variant · Draft

CWE-453: Insecure Default Variable Initialization

Category: config

Description

The product, by default, initializes an internal variable with an insecure or less secure value than is possible.

Common consequences · 1

  • Integrity — Modify Application Data
    An attacker could gain access to and modify sensitive data or system information.

Potential mitigations · 1

  • [System Configuration] Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product, they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.

References

  1. https://cwe.mitre.org/data/definitions/453.html

(incoming) · 2

| Type          | Target         | Confidence | Tier |
|---------------|----------------|------------|------|
| Vulnerability | CVE-2025-30206 | 0%         | live |
| Vulnerability | CVE-2025-47945 | 0%         | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Initialization of a Resource with an Insecure Default
  • CWE: Missing Initialization of a Variable
  • CWE: Incorrect Initialization of Resource
  • CWE: External Initialization of Trusted Variables or Data Stores
  • CWE: Improper Initialization
  • CWE: Missing Initialization of Resource

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.