BaseDraft
CWE-489Active Debug Code
Category: config
Description
The product is released with debugging code still enabled or active.
Common consequences· 1
- Confidentiality / Integrity / Availability / Access Control / Other — Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by ContextActive debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug code will allow an attacker complete control over the web application and server, as well as confidential information that either of these access.
Potential mitigations· 1
- [Build and Compilation, Distribution]Remove debug code before deploying the application.
Related CAPEC attack patterns· 2
References
Exploits (incoming)2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Exploit Non-Production Interfacescapec-121 | 100% | live |
| AttackPattern | Root/Jailbreak Detection Evasion via Debuggingcapec-661 | 100% | live |
Compliance frameworks addressing this (incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_api_top10-api09 | 100% | live |
(incoming)5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-2486cve-2025-2486 | 0% | live |
| Vulnerability | CVE-2025-36899cve-2025-36899 | 0% | live |
| Vulnerability | CVE-2025-46674cve-2025-46674 | 0% | live |
| Vulnerability | CVE-2025-64983cve-2025-64983 | 0% | live |
| Vulnerability | CVE-2026-40035cve-2026-40035 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.