CWE-237 - Improper Handling of Structural Elements
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Improper Handling of Structural Elements
Description
The product does not handle or incorrectly handles inputs that are related to complex structures.
Common Consequences
Scope: Integrity
Impact: Unexpected State
Related Weaknesses
Oracle denies breach after hacker claims theft of 6 million data records
Microsoft confirms it's killing off Skype in May, after 14 years
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
New SuperBlack ransomware exploits Fortinet auth bypass flaws
Microsoft Trusted Signing service abused to code-sign malware
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
Oracle customers confirm data stolen in alleged cloud breach is valid
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives