ClassDraftTop 25 #13
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Category: injection
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Common consequences· 1
- Integrity / Confidentiality / Availability — Execute Unauthorized Code or CommandsIf a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed. This gives an attacker a privilege or capability that they would not otherwise have.
Potential mitigations· 5
- [Architecture and Design]If at all possible, use library calls rather than external processes to recreate the desired functionality.
- [Implementation]If possible, ensure that all external commands called from the program are statically created.
- [Implementation]
- [Operation]Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.
- [System Configuration]Assign permissions that prevent the user from accessing/opening privileged files.
Related CAPEC attack patterns· 8
References
Exploits (incoming)7
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Command Delimiterscapec-15 | 100% | live |
| AttackPattern | Manipulating Writeable Terminal Devicescapec-40 | 100% | live |
| AttackPattern | Manipulating Writeable Configuration Filescapec-75 | 100% | live |
| AttackPattern | Exploiting Multiple Input Interpretation Layerscapec-43 | 100% | live |
| AttackPattern | Command Injectioncapec-248 | 100% | live |
| AttackPattern | IMAP/SMTP Command Injectioncapec-183 | 100% | live |
| AttackPattern | Manipulating Web Input to File System Callscapec-76 | 100% | live |
Compliance frameworks addressing this (incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | dora-art24 | 100% | live |
(incoming)142
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0593cve-2025-0593 | 0% | live |
| Vulnerability | CVE-2025-0798cve-2025-0798 | 0% | live |
| Vulnerability | CVE-2025-10020cve-2025-10020 | 0% | live |
| Vulnerability | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerabilitycve-2025-10035 | 0% | live |
| Vulnerability | CVE-2025-10123cve-2025-10123 | 0% | live |
| Vulnerability | CVE-2025-10323cve-2025-10323 | 0% | live |
| Vulnerability | CVE-2025-10324cve-2025-10324 | 0% | live |
| Vulnerability | CVE-2025-10325cve-2025-10325 | 0% | live |
| Vulnerability | CVE-2025-10326cve-2025-10326 | 0% | live |
| Vulnerability | CVE-2025-10327cve-2025-10327 | 0% | live |
| Vulnerability | CVE-2025-10328cve-2025-10328 | 0% | live |
| Vulnerability | CVE-2025-10358cve-2025-10358 | 0% | live |
| Vulnerability | CVE-2025-10359cve-2025-10359 | 0% | live |
| Vulnerability | CVE-2025-10401cve-2025-10401 | 0% | live |
| Vulnerability | CVE-2025-10442cve-2025-10442 | 0% | live |
| Vulnerability | CVE-2025-10628cve-2025-10628 | 0% | live |
| Vulnerability | CVE-2025-10629cve-2025-10629 | 0% | live |
| Vulnerability | CVE-2025-10634cve-2025-10634 | 0% | live |
| Vulnerability | CVE-2025-10689cve-2025-10689 | 0% | live |
| Vulnerability | CVE-2025-10814cve-2025-10814 | 0% | live |
| Vulnerability | CVE-2025-10958cve-2025-10958 | 0% | live |
| Vulnerability | CVE-2025-10959cve-2025-10959 | 0% | live |
| Vulnerability | CVE-2025-10960cve-2025-10960 | 0% | live |
| Vulnerability | CVE-2025-10961cve-2025-10961 | 0% | live |
| Vulnerability | CVE-2025-10962cve-2025-10962 | 0% | live |
| Vulnerability | CVE-2025-10963cve-2025-10963 | 0% | live |
| Vulnerability | CVE-2025-10964cve-2025-10964 | 0% | live |
| Vulnerability | CVE-2025-11092cve-2025-11092 | 0% | live |
| Vulnerability | CVE-2025-11095cve-2025-11095 | 0% | live |
| Vulnerability | CVE-2025-11096cve-2025-11096 | 0% | live |
Showing top 30 of 142 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.