OWASP Top 10 2025: The New Risks That Will Make Developers Sweat!

The 2025 OWASP Top 10 list has been reshuffled like a deck of cards, with Broken Access Control still reigning as the ace. Security Misconfiguration leaps to second, while new kid Mishandling of Exceptional Conditions sneaks in at tenth. It’s a cybersecurity soap opera, but without the dramatic pauses.

Hot Take:

OWASP’s Top 10 list is like the Grammy Awards of cybersecurity—just when you think you know who’s on top, they go and shake things up. But let’s be honest, Broken Access Control is the Beyoncé of this list—consistently dropping hits, never leaving the top spot.

Key Points:

– Broken Access Control retains the top spot and now includes Server-Side Request Forgery (SSRF).
– Security Misconfiguration climbs to the second spot, and Software Supply Chain Failures makes its debut in third.
– Cryptographic Failures, Injection, and Insecure Design all drop two positions.
– Mishandling of Exceptional Conditions is a fresh face, landing in tenth place.
– OWASP’s new approach allows for better tracking of Common Weakness Enumerations (CWEs), expanding from 30 in 2017 to 589 in 2025.

The Nimble Nerd