
CWE-673 (External Influence of Sphere Definition) — 1 Vulnerability

1 vulnerability is classified as CWE-673 (External Influence of Sphere Definition). AI-generated analysis (Chinese on the original page) included.

CWE-673 describes a product that fails to keep the definition of its control sphere (which resources and principals fall inside a given trust boundary) under the control of its own code or its administrator, so that an external actor can redraw that boundary. In practice this happens when an attacker supplies an environment variable, a search path, a configuration file, or another input that the product consults to decide what it trusts, and thereby extends their own privileges, bypasses access checks, or changes operational logic. As MITRE notes, this is typically a resultant weakness: a more specific flaw such as an untrusted search path (CWE-426) is the cause, and the redrawn sphere is the effect. Mitigations include ignoring or strictly validating externally supplied definitions, fixing security-relevant configuration at install time or requiring it to be signed by a trusted party, verifying ownership and permissions on anything the product will treat as trusted, and applying least privilege so that a redrawn boundary gains the attacker as little as possible.

MITRE CWE Description
The product does not prevent the definition of control spheres from external actors. Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.
Common Consequences (1)
Scope: Other · Impact: Other
Examples (2)
Consider a blog publishing tool, which might have three explicit control spheres: the creation of articles, only accessible to a "publisher;" commenting on articles, only accessible to a "commenter" who is a registered user; and reading articles, only accessible to an anonymous reader. Suppose that the application is deployed on a web server that is shared with untrusted parties. If a local user c…
In Untrusted Search Path (CWE-426), a user might be able to define the PATH environment variable to cause the product to search in the wrong directory for a library to load. The product's intended sphere of control would include "resources that are only modifiable by the person who installed the product." The PATH effectively changes the definition of this sphere so that it overlaps the attacker's…
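The untrusted-search-path example above, worked through in code. This is an added example, not code from the page or from MITRE's CWE entry: it builds a constructed directory layout (an installer-owned bin directory and a world-writable "attacker" directory, both holding a `helper` script), then contrasts a lookup that lets the caller's PATH define the sphere of executables the program will run with a lookup pinned to install-time directories that also refuses any directory owned by someone else or writable by group/other. The names `resolve_via_env`, `resolve_pinned` and `demo` are hypothetical.

```python
"""Added example (not part of the page or of MITRE's CWE-673 entry).

CWE-426 as an instance of CWE-673: whoever controls PATH decides which
'helper' the product trusts. The hardened lookup pins the sphere back to
directories chosen by the installer and verifies their ownership/permissions.
All directories, file names and contents below are constructed for the demo.
"""
import os
import shutil
import stat
import tempfile


def resolve_via_env(name, path_env):
    """Vulnerable: the set of executables we are willing to run is defined
    by the PATH string handed to us, i.e. by an external actor."""
    for d in path_env.split(os.pathsep):
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def _dir_is_trustworthy(d, expected_uid):
    """A directory is only part of our sphere if the installing user owns it
    and nobody else can write to it (otherwise anyone could add a 'helper')."""
    st = os.stat(d)
    if st.st_uid != expected_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def resolve_pinned(name, trusted_dirs, expected_uid):
    """Hardened: search only directories fixed at install time, skip any that
    an external party could have modified, and ignore PATH entirely."""
    for d in trusted_dirs:
        if not os.path.isdir(d) or not _dir_is_trustworthy(d, expected_uid):
            continue
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def demo():
    """Constructed scenario (hypothetical paths under a temp root):
    /opt/app/bin is the installer-controlled directory, /tmp/evil is a
    world-writable directory an attacker prepends to PATH."""
    root = tempfile.mkdtemp()
    try:
        trusted = os.path.join(root, "opt", "app", "bin")
        attacker = os.path.join(root, "tmp", "evil")
        os.makedirs(trusted)
        os.makedirs(attacker)
        os.chmod(trusted, 0o755)
        os.chmod(attacker, 0o777)  # anyone can drop a 'helper' here
        for d in (trusted, attacker):
            p = os.path.join(d, "helper")
            with open(p, "w") as f:
                f.write("#!/bin/sh\necho " + d + "\n")
            os.chmod(p, 0o755)

        # The attacker's directory comes first in the externally supplied PATH.
        tainted_path = os.pathsep.join([attacker, trusted])
        uid = os.getuid()

        vulnerable = resolve_via_env("helper", tainted_path)
        hardened = resolve_pinned("helper", [trusted], uid)

        # Installer mistake: the trusted directory is later made world-writable.
        # The pinned lookup now refuses it rather than trusting its contents.
        os.chmod(trusted, 0o777)
        hardened_after_misconfig = resolve_pinned("helper", [trusted], uid)

        return {
            "vulnerable_picked_attacker": vulnerable == os.path.join(attacker, "helper"),
            "hardened_picked_trusted": hardened == os.path.join(trusted, "helper"),
            "hardened_refused_writable_dir": hardened_after_misconfig is None,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The ownership and write-permission checks are what keep the sphere under the installer's control even when the fixed directory list is correct: a pinned path in a directory the attacker can write to is no better than an unpinned one. Real deployments should also refuse symlinked directories and re-check permissions at execution time, since the checks above are a snapshot.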
CVE ID          Title                                                    CVSS  Severity  Published
CVE-2025-30075  MindManager Windows security vulnerability — MindManager  2.2   Low       2025-09-16

Vulnerabilities classified as CWE-673 (External Influence of Sphere Definition): 1 CVE. The CWE taxonomy describes the weakness; review the individual CVE for product-specific impact.