Cyber Resilience

CWE · MITRE source

CWE-477Use of Obsolete Function

Abstraction: Base · CVEs in our corpus: 16

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

As programming languages evolve, functions occasionally become obsolete due to: Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

Last updated: 04 July 2026 08:17 UTC

OWASP Top 10 for Web (2025)

This weakness contributes to A03:2025 Software Supply Chain Failures.

NIST 800-53 r5 controls that address this weakness (4)AI

Control Title Family Why it addresses this CWE
PM-15Security and Privacy Groups and AssociationsPMInstitutionalized information sharing keeps developers aware of obsolete functions and the need to replace them with supported alternatives.
RA-4Risk Assessment UpdateRARegular reassessment flags use of obsolete functions whose security properties have degraded or whose replacements contain fixes for known weaknesses.
SA-22Unsupported System ComponentsSAEliminates reliance on functions or components explicitly declared obsolete and unsupported by their maintainers.
SI-2Flaw RemediationSISoftware and firmware updates replace obsolete functions whose retained presence leaves systems exposed to publicly known weaknesses.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2018-178907.09.80.03262018-10-12
CVE-2023-234517.09.80.00622023-04-19
CVE-2025-49219 UPD7.09.80.01332025-06-17
CVE-2025-49220 UPD7.09.80.01932025-06-17
CVE-2025-49212 UPD7.09.80.07942025-06-17
CVE-2025-49213 UPD7.09.80.07942025-06-17
CVE-2025-49216 UPD7.09.80.00492025-06-17
CVE-2025-49217 UPD7.09.80.01022025-06-17
CVE-2019-182515.58.80.01742019-11-26
CVE-2020-69785.57.20.00782020-03-24
CVE-2025-49214 UPD5.58.80.00762025-06-17
CVE-2026-16935.57.50.00312026-02-26
CVE-2019-109683.54.40.00342019-07-24
CVE-2022-13843.54.70.00632022-04-19
CVE-2023-288291.63.90.00292023-06-13
CVE-2019-109881.53.40.00342019-09-04