CWE-451: User Interface (UI) Misrepresentation of Critical Information
low-riskThe user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Abstraction: Class
Common Consequences
Non-Repudiation
→
Hide Activities
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-38112 | 7.5 | 92.6% | Y |
| CVE-2024-43461 | 8.8 | 10.8% | Y |
| CVE-2024-55889 | 4.9 | 7.0% | — |
| CVE-2024-38197 | 6.5 | 6.0% | — |
| CVE-2024-49040 | 7.5 | 5.7% | — |
| CVE-2025-29825 | 6.5 | 3.2% | — |
| CVE-2024-30055 | 5.4 | 1.5% | — |
| CVE-2025-29796 | 4.7 | 1.5% | — |
| CVE-2024-0750 | 8.8 | 1.5% | — |
| CVE-2022-23646 | 5.9 | 1.4% | — |
1
/ 100
low-risk
Active Threat
1/50 · Minimal
Exploit Availability
0/50 · Minimal