CWE-1188 (Insecure Default Initialization of Resource): 93 vulnerabilities

93 vulnerabilities are classified as CWE-1188 (Insecure Default Initialization of Resource). AI-generated analysis included.

CWE-1188 covers a product that initializes a resource with a default value that the installer, administrator or maintainer is expected to change, where that default is not secure. The pattern usually comes from favouring quick deployment and ease of use over security hygiene: shipped configurations carry well-known passwords, placeholder keys, permissive access rules or debugging features left enabled. Because such defaults are predictable, an attacker who recognises the product can often log in, escalate privileges or read sensitive data without defeating any authentication mechanism at all. Mitigation is twofold. First, ship closed rather than open: generate strong, random credentials at installation or first run instead of fixing them in the image, and grant default permissions according to least privilege. Second, have the product check its effective configuration at startup and refuse to operate while a known-insecure default is still in place, so that the administrator must secure the deployment before the system becomes reachable.
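As an added illustration of the two mitigations just described (this is example code written for this page, not code from the CWE entry or from any product listed below), the following Python sketch merges administrator overrides onto a set of shipped defaults, regenerates placeholder credentials with a CSPRNG, and refuses to start while any setting still carries a known-insecure default. The setting names, the shipped values and the lists of insecure values are constructed for the example.

```python
"""Fail-closed startup check against insecure default settings.

The setting names and values below are hypothetical, constructed for this example.
"""
import secrets
import string

# Defaults an installer might ship. Every entry that also appears in
# INSECURE_DEFAULTS must be changed (or regenerated) before the service runs.
SHIPPED_DEFAULTS = {
    "admin_user": "admin",
    "admin_password": "admin",   # well-known default credential
    "api_token": "changeme",     # placeholder token
    "debug": True,               # verbose errors leak internals
    "allow_anonymous": True,     # no authentication required
    "bind_address": "0.0.0.0",
}

# Values that are never acceptable in a running deployment, keyed by setting.
INSECURE_DEFAULTS = {
    "admin_password": {"admin", "password", "changeme", ""},
    "api_token": {"changeme", ""},
    "debug": {True},
    "allow_anonymous": {True},
}

# Settings that may be regenerated automatically; policy settings such as
# debug or allow_anonymous are deliberately excluded so they are never
# silently flipped behind the administrator's back.
REGENERATABLE = ("admin_password", "api_token")


class InsecureDefaultError(Exception):
    """Raised when the effective configuration still carries an insecure default."""


def generate_secret(length: int = 32) -> str:
    """Return a random credential from the OS CSPRNG (secrets module)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def find_insecure_defaults(config: dict) -> list:
    """Return the sorted names of settings whose value is a known-insecure default."""
    return sorted(k for k, bad in INSECURE_DEFAULTS.items() if config.get(k) in bad)


def harden_config(overrides: dict, generate_credentials: bool = True) -> dict:
    """Merge overrides onto the shipped defaults and fail closed if anything
    insecure remains.

    With generate_credentials=True, credentials left at a placeholder are
    replaced by fresh random values (first-boot generation). Policy settings
    are only ever checked, never changed, so the operator has to set them.
    """
    config = {**SHIPPED_DEFAULTS, **overrides}
    if generate_credentials:
        for key in REGENERATABLE:
            if config[key] in INSECURE_DEFAULTS[key]:
                config[key] = generate_secret()
    remaining = find_insecure_defaults(config)
    if remaining:
        raise InsecureDefaultError(
            "refusing to start with insecure defaults: " + ", ".join(remaining))
    return config


if __name__ == "__main__":
    # Operator has turned off debug and anonymous access; credentials are generated.
    cfg = harden_config({"debug": False, "allow_anonymous": False})
    print("generated admin password (deliver out of band):", cfg["admin_password"])
    try:
        harden_config({"debug": False})  # allow_anonymous still at its default
    except InsecureDefaultError as exc:
        print(exc)
```

A credential generated at first boot still has to reach the administrator somehow, typically by printing it once to the installer console or writing it to a root-only file, and the startup check should run against the configuration the process actually loaded, not against the file on disk, so that environment overrides are covered too.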

MITRE CWE Description
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

Common Consequences (1)
Scope: Other. Technical Impact: Varies by Context.
The impact of insecure defaults varies widely depending on the functionality that the product controls.
Examples (1)
This code attempts to log in a user using credentials from a POST request:

Bad · PHP
// $user and $pass automatically set from POST request
if (login_user($user,$pass)) {
    $authorized = true;
}
...
if ($authorized) {
    generatePage();
}

Because $authorized is never initialized, PHP with register_globals enabled populates it from the request, so an attacker can add authorized=true to the POST body and reach generatePage() without valid credentials. Here is a fixed version:

Good · PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
$authorized = false;
if (login_user($user,$pass)) {
    $authorized = true;
}
...

The fix initializes $authorized to false and reads the credentials explicitly from $_POST. register_globals should never be enabled; it is off by default in current PHP and was removed in PHP 5.4.
Scores marked (AI) were flagged as AI-derived in the listing; "-" means no severity was listed.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-43797 | Liferay Portal and Liferay DXP security vulnerability | Portal | 7.1 (AI) | High (AI) | 2025-09-15
CVE-2025-41713 | WAGO: Vulnerability in hardware switch circuit | CC100 0751-9301 | 6.5 | Medium | 2025-09-15
CVE-2025-36222 | IBM Fusion insecure default configuration | Fusion | 8.7 | High | 2025-09-11
CVE-2025-59044 | Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation) | himmelblau | 4.4 | Medium | 2025-09-09
CVE-2025-7353 | Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability | 1756-EN2T/D | 9.8 (AI) | Critical (AI) | 2025-08-14
CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | issues | 7.1 | - | 2025-07-21
CVE-2025-25271 | OCPP Backend Configuration via Insecure Defaults | CHARX SEC-3150 | 8.8 | High | 2025-07-08
CVE-2025-41672 | WAGO: Vulnerability in WAGO Device Sphere | Wago Device Sphere | 10.0 | Critical | 2025-07-07
CVE-2025-53602 | zipkin security vulnerability | Zipkin | 5.3 | Medium | 2025-07-04
CVE-2025-41438 | Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default | CS5000 Fire Panel | 9.8 | Critical | 2025-05-29
CVE-2025-48927 | TeleMessage security vulnerability | service | 5.3 | Medium | 2025-05-28
CVE-2025-31930 | Siemens VersiCharge AC Series security vulnerability | IEC 1Ph 7.4kW Child socket | 8.8 | High | 2025-05-13
CVE-2025-46599 | k3s security vulnerability | K3s | 6.8 | Medium | 2025-04-25
CVE-2025-1863 | Insecure default settings for recorder products | GX10 / GX20 / GP10 / GP20 Paperless Recorders | 9.8 | Critical | 2025-04-18
CVE-2025-43015 | JetBrains RubyMine security vulnerability | RubyMine | 8.3 | High | 2025-04-17
CVE-2025-2442 | Schneider Electric Trio Q Licensed Data Radio security vulnerability | Trio Q Licensed Data Radio | 6.8 | Medium | 2025-04-09
CVE-2025-2441 | Schneider Electric Trio Q Licensed Data Radio security vulnerability | Trio Q Licensed Data Radio | 4.6 | Medium | 2025-04-09
CVE-2025-27443 | Zoom Workplace Apps for Windows - Insecure Default Variable Initialization | Zoom Workplace Apps for Windows | 2.8 | Low | 2025-04-08
CVE-2025-29985 | Dell Common Event Enabler security vulnerability | Common Event Enabler | 6.5 | Medium | 2025-04-08
CVE-2025-27809 | Mbed TLS security vulnerability | mbedtls | 5.4 | Medium | 2025-03-25
CVE-2024-41975 | CODESYS (Edge) Gateway for Windows insecure default | CODESYS Edge Gateway | 5.3 | Medium | 2025-03-18
CVE-2025-1960 | Schneider Electric WebHMI security vulnerability | WebHMI (deployed with EcoStruxure Power Automation System) | 9.8 | Critical | 2025-03-12
CVE-2025-2129 | Mage AI insecure default initialization of resource | Mage AI | 5.6 | Medium | 2025-03-09
CVE-2024-50390 | QHora | QuRouter | 9.8 | - | 2025-03-07
CVE-2024-56433 | shadow-utils security vulnerability | shadow-utils | 3.6 | Low | 2024-12-26
CVE-2024-51758 | Exported files stored in default (`public`) filesystem if not reconfigured in filament | filament | 7.1 (AI) | High (AI) | 2024-11-07
CVE-2024-9949 | Denial of Service in Forescout SecureConnector | SecureConnector | 6.2 (AI) | Medium (AI) | 2024-10-23
CVE-2024-45217 | Apache Solr: ConfigSets created during a backup restore command are trusted implicitly | Apache Solr | 8.8 | - | 2024-10-16
CVE-2024-47295 | SEIKO EPSON Web Config security vulnerability | Web Config | 9.8 | - | 2024-10-01
CVE-2024-0001 | FlashArray security vulnerability | FlashArray | 10.0 | Critical | 2024-09-23

Vulnerabilities classified as CWE-1188 (Insecure Default Initialization of Resource) total 93 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.