2 vulnerabilities classified as CWE-1112. AI Chinese analysis included.
CWE-1112 represents a documentation weakness where critical execution mechanisms remain undefined or insufficiently described. This oversight typically affects environmental variables, configuration files, registry keys, command-line switches, and system settings. While not directly exploitable for immediate code execution, this ambiguity facilitates social engineering attacks or misconfiguration exploits by obscuring how a software component actually behaves. Attackers may leverage undocumented features to bypass security controls or manipulate system behavior in unintended ways, complicating forensic analysis and incident response. To mitigate this risk, developers must adopt rigorous documentation standards that explicitly detail all parameters influencing program execution. Comprehensive guides should cover every configuration option, environment variable, and system dependency, ensuring that both internal teams and external auditors fully understand the software’s operational logic and security boundaries.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3108 | Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index — run-llama/llama_index | 9.8 | - | 2025-07-06 |
| CVE-2023-29241 | Bosch Building Integration System 安全漏洞 — BIS | 8.1 | High | 2023-06-30 |
Vulnerabilities classified as CWE-1112 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.