BaseIncomplete

CWE-532Insertion of Sensitive Information into Log File

Category: data-exposure

Description

The product writes sensitive information to a log file.

Common consequences· 1

Confidentiality — Read Application Data
Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.

Potential mitigations· 4

[Architecture and Design, Implementation]Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
[Distribution]Remove debug log files before deploying the application into production.
[Operation]Protect log files against unauthorized read/write.
[Implementation]Adjust configurations appropriately when software is transitioned from a debug state to production.

Related CAPEC attack patterns· 1

References

https://cwe.mitre.org/data/definitions/532.html

Exploits (incoming)1

Type	Target	Confidence	Tier
AttackPattern	Fuzzing for application mappingcapec-215	100%	live

Compliance frameworks addressing this (incoming)9

Type	Target	Confidence	Tier
ComplianceControl	owasp_llm_top10-llm02	100%	live
ComplianceControl	cis_v8-3	100%	live
ComplianceControl	iso27701-a.7.2.2	100%	live
ComplianceControl	iso27701-a.7.4.1	100%	live
ComplianceControl	iso27701-a.7.2.1	100%	live
ComplianceControl	gdpr-art5	100%	live
ComplianceControl	iso27701-a.7.5.1	100%	live
ComplianceControl	ai_act-art12	100%	live
ComplianceControl	pci_dss_v4-r10	95%	live

(incoming)13

Type	Target	Confidence	Tier
Vulnerability	CVE-2025-11008cve-2025-11008	0%	live
Vulnerability	CVE-2025-22275cve-2025-22275	0%	live
Vulnerability	Microsoft Windows NTFS Information Disclosure Vulnerabilitycve-2025-24984	0%	live
Vulnerability	CVE-2025-31479cve-2025-31479	0%	live
Vulnerability	CVE-2025-63729cve-2025-63729	0%	live
Vulnerability	CVE-2025-6391cve-2025-6391	0%	live
Vulnerability	CVE-2026-22038cve-2026-22038	0%	live
Vulnerability	CVE-2026-22778cve-2026-22778	0%	live
Vulnerability	CVE-2026-25193cve-2026-25193	0%	live
Vulnerability	CVE-2026-28923cve-2026-28923	0%	live
Vulnerability	CVE-2026-43992cve-2026-43992	0%	live
KEVEntry	Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerabilitykev-cve-2023-21492	0%	live
KEVEntry	Microsoft Windows NTFS Information Disclosure Vulnerabilitykev-cve-2025-24984	0%	live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Insertion of Sensitive Information into Externally-Accessible File or Directory

Insertion of Sensitive Information Into Debugging Code

Storage of Sensitive Data in a Mechanism without Access Control

Generation of Error Message Containing Sensitive Information

Cleartext Storage of Sensitive Information in Memory

Storage of File With Sensitive Data Under FTP Root

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.