CWE-657 (Violation of Secure Design Principles) — Vulnerability Class 15

15 vulnerabilities classified as CWE-657 (Violation of Secure Design Principles). AI Chinese analysis included.

CWE-657 represents a critical architectural flaw where software violates established secure design principles, such as least privilege or defense in depth. This weakness is typically exploited by attackers who leverage systemic design oversights to bypass security controls, often gaining elevated privileges or accessing sensitive data through unintended pathways. Because the vulnerability is embedded in the foundational structure rather than isolated code snippets, exploitation can be straightforward and pervasive. Developers avoid this weakness by integrating security requirements early in the design phase, conducting rigorous threat modeling, and adhering to proven secure coding frameworks. Proactive architectural reviews and peer assessments help identify these structural deficiencies before implementation, ensuring that security is inherent to the system’s design rather than added as an afterthought, thereby reducing the resource-intensive effort required to remediate fundamental flaws later in the development lifecycle.

MITRE CWE Description
The product violates well-established principles for secure design. This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
Common Consequences (1)
Scope: Other; Impact: Other
Examples (2)
Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer could limit the number of ARP entries that can be recorded …
The IPSEC specification is complex, which resulted in bugs, partial implementations, and incompatibilities between vendors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39888 | PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode) — praisonaiagents | 10.0 | Critical | 2026-04-08 |
| CVE-2026-30792 | RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings — RustDesk Client | 7.4 | - | 2026-03-05 |
| CVE-2025-54255 | Acrobat Reader \| Violation of Secure Design Principles (CWE-657) — Acrobat Reader | 4.0 | Medium | 2025-09-09 |
| CVE-2024-57957 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 6.6 | Medium | 2025-02-06 |
| CVE-2023-29320 | ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw — Acrobat Reader | 7.8 | High | 2023-08-10 |
| CVE-2022-30683 | AEM Violation of Secure Design Principles Security feature bypass — Experience Manager | 5.3 | - | 2022-09-16 |
| CVE-2022-28244 | Adobe Acrobat Reader DC CSP Bypass Leads To Privilege Escalation — Acrobat Reader | 6.3 | Medium | 2022-05-11 |
| CVE-2021-44714 | Adobe Acrobat Reader Missing Custom Protocols in Warning Message Prompts — Acrobat Reader | 2.5 | Low | 2022-01-14 |
| CVE-2021-36061 | Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings — Connect | 5.4 | Medium | 2021-09-01 |
| CVE-2021-28583 | Magento Commerce insecure storage of sensitive documentation — Magento Commerce | 7.5 | High | 2021-06-28 |
| CVE-2020-8133 | Nextcloud Data Forgery Vulnerability — Nextcloud Server | 4.9 | - | 2020-11-09 |
| CVE-2019-15611 | Nextcloud Security Vulnerability — Nextcloud iOS | 4.9 | - | 2020-02-04 |
| CVE-2019-0061 | Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation — Junos OS | 7.8 | High | 2019-10-09 |
| CVE-2019-5478 | Xilinx Zynq UltraScale+ Input Validation Error Vulnerability — Zynq UltraScale+ SoC | 5.5 | - | 2019-09-03 |
| CVE-2017-6032 | Schneider Electric Modicon Modbus Protocol Security Vulnerability — Schneider Electric Modicon Modbus Protocol | 9.1 | - | 2017-06-30 |

15 CVEs are classified as CWE-657 (Violation of Secure Design Principles). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.