BaseStableTop 25 #7
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Category: injection
Description
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Common consequences· 1
- Confidentiality / Integrity / Availability / Non-Repudiation — Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart, Read Files or Directories, Modify Files or Directories, Read Application Data, Modify Application Data, Hide ActivitiesAttackers could execute unauthorized operating system commands, which could then be used to disable the product, or read and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner.
Potential mitigations· 5
- [Architecture and Design]If at all possible, use library calls rather than external processes to recreate the desired functionality.
- [Architecture and Design, Operation]
- [Architecture and Design]For any data that will be used to generate a command to be executed, keep as much of that data out of external control as possible. For example, in web applications, this may require storing the data locally in the session's state instead of sending it out to the client in a hidden form field.
- [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- [Architecture and Design]
Related CAPEC attack patterns· 5
References
Exploits (incoming)3
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Exploiting Multiple Input Interpretation Layerscapec-43 | 100% | live |
| AttackPattern | Command Delimiterscapec-15 | 100% | live |
| AttackPattern | Argument Injectioncapec-6 | 100% | live |
Compliance frameworks addressing this (incoming)7
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | pci_dss_v4-r5 | 100% | live |
| ComplianceControl | owasp_top10-a03 | 100% | live |
| ComplianceControl | iso27001-a.8.8 | 100% | live |
| ComplianceControl | tiber_eu-testing | 100% | live |
| ComplianceControl | pci_dss_v4-r11 | 100% | live |
| ComplianceControl | nist_csf-rs | 100% | live |
| ComplianceControl | iso27001-a.8.28 | 100% | live |
(incoming)140
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0107cve-2025-0107 | 0% | live |
| Vulnerability | CVE-2025-0457cve-2025-0457 | 0% | live |
| Vulnerability | CVE-2025-0636cve-2025-0636 | 0% | live |
| Vulnerability | CVE-2025-0680cve-2025-0680 | 0% | live |
| Vulnerability | CVE-2025-0798cve-2025-0798 | 0% | live |
| Vulnerability | CVE-2025-10230cve-2025-10230 | 0% | live |
| Vulnerability | CVE-2025-10265cve-2025-10265 | 0% | live |
| Vulnerability | CVE-2025-10326cve-2025-10326 | 0% | live |
| Vulnerability | CVE-2025-10327cve-2025-10327 | 0% | live |
| Vulnerability | CVE-2025-10328cve-2025-10328 | 0% | live |
| Vulnerability | CVE-2025-10358cve-2025-10358 | 0% | live |
| Vulnerability | CVE-2025-10359cve-2025-10359 | 0% | live |
| Vulnerability | CVE-2025-10442cve-2025-10442 | 0% | live |
| Vulnerability | CVE-2025-10568cve-2025-10568 | 0% | live |
| Vulnerability | CVE-2025-10589cve-2025-10589 | 0% | live |
| Vulnerability | CVE-2025-10622cve-2025-10622 | 0% | live |
| Vulnerability | CVE-2025-10659cve-2025-10659 | 0% | live |
| Vulnerability | CVE-2025-10680cve-2025-10680 | 0% | live |
| Vulnerability | CVE-2025-11005cve-2025-11005 | 0% | live |
| Vulnerability | CVE-2025-11138cve-2025-11138 | 0% | live |
| Vulnerability | CVE-2025-11142cve-2025-11142 | 0% | live |
| Vulnerability | CVE-2025-11148cve-2025-11148 | 0% | live |
| Vulnerability | CVE-2025-11202cve-2025-11202 | 0% | live |
| Vulnerability | CVE-2025-11285cve-2025-11285 | 0% | live |
| Vulnerability | CVE-2025-11407cve-2025-11407 | 0% | live |
| Vulnerability | CVE-2025-11490cve-2025-11490 | 0% | live |
| Vulnerability | CVE-2025-11491cve-2025-11491 | 0% | live |
| Vulnerability | CVE-2025-11665cve-2025-11665 | 0% | live |
| Vulnerability | CVE-2025-11774cve-2025-11774 | 0% | live |
| Vulnerability | CVE-2025-11787cve-2025-11787 | 0% | live |
Showing top 30 of 140 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.