CWE-348: Use of Less Trusted Source
low-riskThe product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Abstraction: Base
Common Consequences
Access Control
→
Bypass Protection Mechanism
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-45410 | 9.8 | 13.9% | — |
| CVE-2022-4539 | 5.3 | 5.1% | — |
| CVE-2022-2255 | 7.5 | 0.5% | — |
| CVE-2024-10977 | 3.1 | 0.3% | — |
| CVE-2021-21374 | 8.1 | 0.3% | — |
| CVE-2024-6171 | 5.3 | 0.2% | — |
| CVE-2024-47880 | 8.1 | 0.2% | — |
| CVE-2021-21373 | 7.5 | 0.2% | — |
| CVE-2025-48865 | 9.1 | 0.2% | — |
| CVE-2025-24856 | 4.2 | 0.1% | — |
1
/ 100
low-risk
Active Threat
1/50 · Minimal
Exploit Availability
0/50 · Minimal