CWE-506: Embedded Malicious Code

low-risk

The product contains code that appears to be malicious in nature.

Abstraction: Class

Common Consequences

Confidentiality Execute Unauthorized Code or Commands

Detection Methods

Manual Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies Generated Code Inspection

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Automated Monitored Execution

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Manual Source Code Review (not inspections)

Automated Static Analysis

According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Origin Analysis

Real-World Examples (10)

CVE CVSS EPSS KEV
CVE-2025-30066 8.6 91.3% Y
CVE-2024-3094 10.0 85.0%
CVE-2025-59374 9.8 31.8% Y
CVE-2026-33634 8.8 21.2% Y
CVE-2025-30154 8.6 15.4% Y
CVE-2024-4978 8.4 14.1% Y
CVE-2025-54313 7.5 10.5% Y
CVE-2023-2003 9.1 0.3%
CVE-2017-16051 7.5 0.3%
CVE-2017-16047 7.5 0.3%
18
/ 100
low-risk
Active Threat 11/50 · Low
Exploit Availability 7/50 · Minimal