Cyber Resilience

CWE-525: Use of Web Browser Cache Containing Sensitive Information

Abstraction: Variant · CVEs in our corpus: 29

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 6 mapping(s) from 4 framework(s): ASVS 5.0 2 (full) · ATT&CK 2 (partial) · CAPEC 1 (partial) · OWASP-Web 1 (partial)

OWASP Top 10 for Web (2025)

This weakness contributes to A06:2025 Insecure Design.

NIST 800-53 r5 controls that address this weakness (0) AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2025-15554 5.5 7.8 0.0014 2026-03-16
CVE-2021-42015 3.5 5.5 0.0022 2021-11-09
CVE-2023-23469 3.5 4.0 0.0018 2023-02-01
CVE-2023-27545 3.5 4.0 0.0019 2024-02-29
CVE-2023-46181 3.5 4.0 0.0018 2024-03-15
CVE-2024-22343 3.5 4.0 0.0022 2024-05-14
CVE-2022-43841 3.5 4.0 0.0016 2024-05-30
CVE-2024-25142 3.5 5.5 0.0032 2024-06-14
CVE-2022-38383 3.5 4.0 0.0017 2024-06-28
CVE-2024-22349 3.5 4.0 0.0021 2025-01-20
CVE-2024-31906 3.5 6.2 0.0018 2025-01-26
CVE-2023-43035 3.5 4.0 0.0014 2025-04-10
CVE-2025-1334 (UPD) 3.5 4.0 0.0016 2025-06-03
CVE-2025-1348 (UPD) 3.5 4.0 0.0013 2025-06-18
CVE-2025-36082 3.5 4.0 0.0012 2025-09-15
CVE-2025-62276 3.5 5.5 0.0012 2025-11-01
CVE-2026-24437 3.5 5.5 0.0015 2026-01-26
CVE-2026-27514 3.5 6.5 0.0022 2026-02-23
CVE-2025-36364 3.5 6.2 0.0011 2026-03-03
CVE-2026-41322 3.5 5.3 0.0024 2026-04-24
CVE-2026-41918 (UPD) 3.5 5.7 0.0019 2026-06-02
CVE-2025-27525 (UPD) 1.6 3.9 0.0012 2025-05-15
CVE-2024-22333 1.5 3.3 0.0018 2024-06-13
CVE-2024-30130 1.5 3.7 0.0029 2024-07-19
CVE-2024-45314 1.5 3.6 0.0026 2024-09-04