BaseIncomplete

CWE-524Use of Cache Containing Sensitive Information

Category: data-exposure

Description

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

Common consequences· 1

  • Confidentiality — Read Application Data

Potential mitigations· 3

  • [Architecture and Design]Protect information stored in cache.
  • [Architecture and Design]Do not store unnecessarily sensitive information in the cache.
  • [Architecture and Design]Consider using encryption in the cache.

Related CAPEC attack patterns· 1

CAPEC-204

References

  1. https://cwe.mitre.org/data/definitions/524.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternLifting Sensitive Data Embedded in Cachecapec-204100%live

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-64762cve-2025-647620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of Web Browser Cache Containing Sensitive Information
CWE
Access to Critical Private Variable via Public Method
CWE
Insecure Storage of Sensitive Information
CWE
Insertion of Sensitive Information Into Sent Data
CWE
External Initialization of Trusted Variables or Data Stores
CWE
Insecure Automated Optimizations
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.