Abstraction: Base · Status: Draft · Top 25 #11

CWE-94: Improper Control of Generation of Code ('Code Injection')

Category: injection

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Common consequences (4)

  • Access Control — Bypass Protection Mechanism
    In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
  • Access Control — Gain Privileges or Assume Identity
    Injected code can access resources that the attacker is directly prevented from accessing.
  • Integrity / Confidentiality / Availability — Execute Unauthorized Code or Commands
    When a product allows a user's input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the product. As a result, code injection can often result in the execution of arbitrary code. Code injection attacks can also lead to loss of data integrity in nearly all cases, since the control-plane data injected is always incidental to data recall or writing.
  • Non-Repudiation — Hide Activities
    Often the actions performed by injected control code are unlogged.

Potential mitigations (5)

  • [Architecture and Design] Refactor your program so that you do not have to dynamically generate code.
  • [Architecture and Design]
  • [Implementation]
  • [Testing] Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
  • [Operation] Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
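The first mitigation above ("refactor so that you do not have to dynamically generate code") is easiest to see on a concrete case. The following is an added example, not code from the CWE entry or from MITRE: a small arithmetic evaluator written the weak way (caller text spliced into a code segment and handed to the interpreter) beside a refactored version that parses the text into an AST and interprets only an allow-list of node types, so no part of the input is ever executed as code. Function names, the allow-list, the exponent cap and the sample inputs are all constructed for illustration.

```python
"""Added example for CWE-94: a dynamic-code evaluator refactored so that
input is data, never code. Everything here is constructed for illustration."""
import ast
import operator


# --- Weak form: the input string becomes the code segment --------------------
def evaluate_unsafe(expression: str) -> float:
    """CWE-94 pattern: caller-controlled text is executed as Python.
    Anything the interpreter can parse (calls, attribute access, imports via
    builtins) runs with the full privileges of this process."""
    return eval(expression)  # shown only as the 'before' of the refactor


# --- Refactored form: parse, then interpret an explicit allow-list -----------
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_EXPONENT = 64  # constructed cap: keeps '9 ** 999999' from burning CPU


class RejectedExpression(ValueError):
    """Raised for any construct outside the arithmetic allow-list."""


def _interpret(node: ast.AST) -> float:
    """Walk the AST and compute a value; every node type not handled here
    (Name, Attribute, Call, Subscript, comprehension, ...) is rejected, so
    the input can only ever select among operations we wrote ourselves."""
    if (isinstance(node, ast.Constant)
            and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
        left, right = _interpret(node.left), _interpret(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise RejectedExpression("exponent too large")
        return _BINARY_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_interpret(node.operand))
    raise RejectedExpression(f"disallowed syntax: {type(node).__name__}")


def evaluate_safe(expression: str, max_len: int = 200) -> float:
    """Evaluate arithmetic without executing the input as code.
    The length cap bounds parser work before ast.parse is even called."""
    if len(expression) > max_len:
        raise RejectedExpression("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise RejectedExpression("not a valid expression") from exc
    return _interpret(tree.body)


def classify(expression: str) -> str:
    """Triage helper (e.g. for logging rejected inputs): 'ok' or 'rejected'."""
    try:
        evaluate_safe(expression)
        return "ok"
    except RejectedExpression:
        return "rejected"


if __name__ == "__main__":
    # Constructed sample inputs: one benign, the rest outside the grammar.
    samples = ["(2 + 3) * 4 - 1", "len('abc')", "(1).real", "9 ** 99", "1 +"]
    for text in samples:
        print(f"{text!r:20} -> {classify(text)}")
    # The weak form happily executes the call expression: len('abc') == 3.
    print("evaluate_unsafe(\"len('abc')\") ->", evaluate_unsafe("len('abc')"))
```

The refactor removes the code-generation step entirely rather than trying to filter dangerous substrings out of the expression, which is the direction the mitigation recommends: the grammar the product accepts is now defined by the handful of node types in `_interpret`, and anything else is rejected before any evaluation happens. The length and exponent caps are the kind of resource guard a fuzzing pass (the [Testing] mitigation) would otherwise flag as a hang.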

Related CAPEC attack patterns (3)

CAPEC-242, CAPEC-35, CAPEC-77

References

  1. https://cwe.mitre.org/data/definitions/94.html

Exploits (incoming, 3)

Type | Target | Confidence | Tier
AttackPattern | Manipulating User-Controlled Variables (capec-77) | 100% | live
AttackPattern | Leverage Executable Code in Non-Executable Files (capec-35) | 100% | live
AttackPattern | Code Injection (capec-242) | 100% | live

Compliance frameworks addressing this (incoming, 3)

Type | Target | Confidence | Tier
ComplianceControl | owasp_llm_top10-llm05 | 100% | live
ComplianceControl | cis_v8-2 | 100% | live
ComplianceControl | owasp_llm_top10-llm01 | 100% | live

Vulnerabilities (incoming, 144)

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-0185 | 0% | live
Vulnerability | CVE-2025-0530 | 0% | live
Vulnerability | CVE-2025-10057 | 0% | live
Vulnerability | CVE-2025-10097 | 0% | live
Vulnerability | CVE-2025-1011 | 0% | live
Vulnerability | CVE-2025-11344 | 0% | live
Vulnerability | CVE-2025-11539 | 0% | live
Vulnerability | CVE-2025-11837 | 0% | live
Vulnerability | CVE-2025-11905 | 0% | live
Vulnerability | CVE-2025-12637 | 0% | live
Vulnerability | CVE-2025-12733 | 0% | live
Vulnerability | CVE-2025-12735 | 0% | live
Vulnerability | CVE-2025-12762 | 0% | live
Vulnerability | CVE-2025-12813 | 0% | live
Vulnerability | CVE-2025-1302 | 0% | live
Vulnerability | CVE-2025-13035 | 0% | live
Vulnerability | CVE-2025-13486 | 0% | live
Vulnerability | CVE-2025-13773 | 0% | live
Vulnerability | CVE-2025-13780 | 0% | live
Vulnerability | CVE-2025-13786 | 0% | live
Vulnerability | CVE-2025-14009 | 0% | live
Vulnerability | CVE-2025-14287 | 0% | live
Vulnerability | CVE-2025-14324 | 0% | live
Vulnerability | CVE-2025-14856 | 0% | live
Vulnerability | CVE-2025-1497 | 0% | live
Vulnerability | CVE-2025-15024 | 0% | live
Vulnerability | CVE-2025-1509 | 0% | live
Vulnerability | CVE-2025-1510 | 0% | live
Vulnerability | CVE-2025-1532 | 0% | live
Vulnerability | CVE-2025-15393 | 0% | live

Showing top 30 of 144 by confidence. Click any target to see the full neighbourhood.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
  • CWE: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • CWE: Improper Control of Resource Identifiers ('Resource Injection')
  • CWE: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.