CWE-1438 Categorie Detail

CWE-1438

OWASP Top Ten 2025 Category A03:2025 - Software Supply Chain Failures
Incomplete
2025-12-11 +00:00
CWE Mitre.org
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: OWASP Top Ten 2025 Category A03:2025 - Software Supply Chain Failures

Weaknesses in this category are related to the A03 category "Software Supply Chain Failures" in the OWASP Top Ten 2025.

CWE Members List

CWE-1104: Use of Unmaintained Third Party Components Base

CWE-1329: Reliance on Component That is Not Updateable Base

CWE-1395: Dependency on Vulnerable Third-Party Component Base

CWE-447: Unimplemented or Unsupported Feature in UI Base

CWE-477: Use of Obsolete Function Base

CWE Informations

Vulnerability Mapping Notes

Justification : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment : See member weaknesses of this category.

Submission

Name Organization Date Date release Version
CWE Content Team MITRE 2025-12-01 +00:00 2025-12-11 +00:00 4.19

References

REF-1500

OWASP Top 10:2025 RC1
https://owasp.org/Top10/2025/0x00_2025-Introduction/

REF-1503

A03:2025 - Software Supply Chain Failures
OWASP.
https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.