CWE-345 (Insufficient Verification of Data Authenticity) — Vulnerability Class 226

226 vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity). AI Chinese analysis included.

CWE-345 represents a critical integrity weakness where software fails to adequately verify the origin or authenticity of incoming data, leading to the acceptance of invalid or malicious inputs. Attackers typically exploit this vulnerability by injecting spoofed or tampered information, tricking the application into processing untrusted sources as legitimate. This can result in severe consequences, including data corruption, unauthorized access, or system compromise, as the software blindly trusts the manipulated payload. To mitigate this risk, developers must implement robust cryptographic verification mechanisms, such as digital signatures or message authentication codes, to ensure data integrity. Additionally, strict input validation and secure communication protocols like TLS should be employed to authenticate data sources. By rigorously validating the provenance of all external inputs, organizations can prevent attackers from exploiting trust assumptions and maintain the overall security posture of their systems against integrity-based attacks.

MITRE CWE Description

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Common Consequences (1)

Scope: Integrity, Other. Impact: Varies by Context, Unexpected State.

Examples (1)

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5833 | Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability — DMH-WT7600NEX | 6.8 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-5832 | Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability — DMH-WT7600NEX | 6.8 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-52484 | RISC Zero zkVM Underconstrained Vulnerability — risc0 | 9.6 (AI) | Critical (AI) | 2025-06-20 |
| CVE-2025-49199 | Backup files can be modified and uploaded — SICK Field Analytics | 8.8 | High | 2025-06-12 |
| CVE-2025-48865 | Fabio allows HTTP clients to manipulate custom headers it adds — fabio | 9.1 | Critical | 2025-05-30 |
| CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode — react-router | 8.2 | High | 2025-04-25 |
| CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability — Windows 10 Version 1507 | 6.0 | Medium | 2025-04-08 |
| CVE-2025-30144 | Fast-JWT Improperly Validates iss Claims — fast-jwt | 6.5 | Medium | 2025-03-19 |
| CVE-2025-0149 | Zoom Apps - Insufficient Verification of Data Authenticity — Zoom Apps | 6.5 | Medium | 2025-03-11 |
| CVE-2025-1945 | picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch — picklescan | 9.8 | - | 2025-03-10 |
| CVE-2025-1944 | picklescan ZIP archive manipulation attack leads to crash — picklescan | 7.5 | - | 2025-03-10 |
| CVE-2025-27257 | GE Vernova UR IED Data Forgery Vulnerability — N60 multilin | 6.1 | Medium | 2025-03-10 |
| CVE-2025-24903 | libsignal-service-rs Doesn't Check Origin of Sync Messages — libsignal-service-rs | 8.5 | High | 2025-02-13 |
| CVE-2025-24807 | Fast DDS does not verify Permissions CA — Fast-DDS | 9.1 | - | 2025-02-11 |
| CVE-2025-25188 | DNSSEC validation may accept broken authentication chains — hickory-dns | 8.8 | - | 2025-02-10 |
| CVE-2025-1108 | Insufficient data authenticity vulnerability in Janto — Janto | 8.6 | High | 2025-02-07 |
| CVE-2025-23415 | BIG-IP APM Endpoint Inspection vulnerability — BIG-IP | 3.1 | Low | 2025-02-05 |
| CVE-2024-55929 | Mail spoofing — Xerox Workplace Suite | 5.3 | Medium | 2025-01-23 |
| CVE-2025-21606 | Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats — stats | 7.8 | - | 2025-01-17 |
| CVE-2024-54111 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 5.7 | Medium | 2024-12-12 |
| CVE-2024-12369 | Elytron-oidc-client: oidc authorization code injection | 4.2 | Medium | 2024-12-09 |
| CVE-2024-52548 | Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass — 2K Indoor Wi-Fi Security Camera | 6.7 | Medium | 2024-12-03 |
| CVE-2024-53259 | quic-go affected by an ICMP Packet Too Large Injection Attack on Linux — quic-go | 6.5 | Medium | 2024-12-02 |
| CVE-2022-33861 | Insufficient verification of authenticity in IPP — Intelligent Power Protector | 5.1 | Medium | 2024-11-25 |
| CVE-2024-11666 | Unauthenticated Remote Command Injection in eCharge Salia PLCC — cph2_echarge_firmware | 9.0 | Critical | 2024-11-24 |
| CVE-2024-8356 | Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability — Infotainment | 7.8 | - | 2024-11-22 |
| CVE-2024-7847 | RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script — RSLogix 500® | 7.7 | High | 2024-10-14 |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio — gradio | 8.8 (AI) | High (AI) | 2024-10-10 |
| CVE-2024-47079 | Unauthorized usage of remote hardware module because of missing channel verification — firmware | 6.4 | Medium | 2024-10-07 |
| CVE-2024-23922 | Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability — XAV-AX5500 | 6.8 | Medium | 2024-09-23 |

Vulnerabilities classified as CWE-345 (Insufficient Verification of Data Authenticity) represent 226 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.