CWE-425β€”Direct Request ('Forced Browsing')

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
CWE-425 - Direct Request ('Forced Browsing') - Diagram

Metadata

CWE ID:
CWE-425
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Direct Request ('Forced Browsing')

Description

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Common Consequences

Scope:
Confidentiality, Integrity, Availability, Access Control
Impact:
Read Application Data, Modify Application Data, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

Related Weaknesses