MITRE’s 2025 Top 25 Software Weaknesses: The Usual Suspects and Newcomers Wreaking Havoc

MITRE has unveiled the 2025 top 25 list of dangerous software weaknesses. Cross-Site Scripting reigns supreme again, with new entries like Classic Buffer Overflow and Improper Access Control making their debut. Review this list to secure your software; after all, nothing says “fun” like preventing a cyber breach comedy of errors!

Hot Take:

Oh, the joys of technology! Just when you thought your software was safe, MITRE comes along with its annual “Oops, We Did It Again” list of top software weaknesses. It’s like the Oscars of vulnerabilities, and Cross-Site Scripting is still Meryl Streep, winning year after year. Who knew software development could be so… thrilling?

Key Points:

  • MITRE released the 2025 list of top 25 software weaknesses with CISA and HSSEDI.
  • Cross-Site Scripting retains the top spot, with SQL Injection climbing up the ranks.
  • New entries include various Buffer Overflows and Improper Access Controls.
  • The list informs software security strategies and vulnerability management.
  • Funding for MITRE’s CVE and CWE programs extended for another 11 months.

The Nimble Nerd