CWE-653β€”Improper Isolation or Compartmentalization

PUBLISHEDweakness record
released 2008-01-30 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-653
Abstraction:
Class
Structure:
Simple
Status:
Draft
Release Date:
2008-01-30
Latest Modification Date:
2025-12-11

Weakness Name

Improper Isolation or Compartmentalization

Description

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Notes:
The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.

Related Weaknesses