CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption
low-riskInformation sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.
Abstraction: Variant
Common Consequences
Confidentiality
→
Read Application Data
Integrity
→
Modify Application Data
Real-World Examples (2)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2025-52435 | 7.5 | 0.0% | — |
| CVE-2025-65297 | 7.5 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal