A08:2025 Software or Data Integrity Failures
Code or data is trusted without integrity verification — insecure deserialization, unsigned updates, CI/CD compromise paths.
Related on the LLM side: OWASP Top 10 for LLMs LLM04:2025.
Member CWEs (14)
- CWE-345 Insufficient Verification of Data Authenticity
- CWE-353 Missing Support for Integrity Check
- CWE-426 Untrusted Search Path
- CWE-427 Uncontrolled Search Path Element
- CWE-494 Download of Code Without Integrity Check
- CWE-502 Deserialization of Untrusted Data
- CWE-506 Embedded Malicious Code
- CWE-509 Replicating Malicious Code (Virus or Worm)
- CWE-565 Reliance on Cookies without Validation and Integrity Checking
- CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
- CWE-829 Inclusion of Functionality from Untrusted Control Sphere
- CWE-830 Inclusion of Web Functionality from an Untrusted Source
- CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
- CWE-926 Improper Export of Android Application Components
Mapped NIST 800-53 r5 controls (5)
Our two-way, human-QA’d reading of how this category and each NIST 800-53 control relate. No external body publishes an OWASP→800-53 mapping, so these are our assessment.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Tagged CVEs (showing 50 most recent of 6,121)
- CVE-2026-58593
- CVE-2026-58127
- CVE-2026-58126
- CVE-2026-58116
- CVE-2026-58025
- CVE-2026-57919
- CVE-2026-57677
- CVE-2026-57621
- CVE-2026-57527
- CVE-2026-57516
- CVE-2026-56700
- CVE-2026-56447
- CVE-2026-56304
- CVE-2026-56276
- CVE-2026-56142
- CVE-2026-56121
- CVE-2026-56073
- CVE-2026-56057
- CVE-2026-56055
- CVE-2026-56053
- CVE-2026-56037
- CVE-2026-56032
- CVE-2026-56031
- CVE-2026-55736
- CVE-2026-55698
- CVE-2026-55697
- CVE-2026-55487
- CVE-2026-55223
- CVE-2026-55153
- CVE-2026-54806
- CVE-2026-54672
- CVE-2026-54516
- CVE-2026-54515
- CVE-2026-54512
- CVE-2026-54351
- CVE-2026-54325
- CVE-2026-54318
- CVE-2026-54288
- CVE-2026-54266
- CVE-2026-54232
- CVE-2026-54194
- CVE-2026-54055
- CVE-2026-53914
- CVE-2026-53900
- CVE-2026-53899
- CVE-2026-53874
- CVE-2026-53871
- CVE-2026-53865
- CVE-2026-53862
- CVE-2026-53858
Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1443).