CWE-603: Use of Client-Side Authentication
low-risk
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
Abstraction: Base
Common Consequences
Access Control → Bypass Protection Mechanism
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-3218 | 9.8 | 84.6% | — |
| CVE-2017-7909 | 9.8 | 1.6% | — |
| CVE-2025-24517 | 7.5 | 0.5% | — |
| CVE-2022-33139 | 9.8 | 0.4% | — |
| CVE-2024-45785 | 7.5 | 0.3% | — |
| CVE-2020-7591 | 8.8 | 0.3% | — |
| CVE-2025-12868 | 9.8 | 0.3% | — |
| CVE-2021-43355 | 7.3 | 0.2% | — |
| CVE-2020-6988 | 7.5 | 0.2% | — |
| CVE-2025-62649 | 5.8 | 0.2% | — |
2 / 100 · low-risk
Active Threat: 2/50 · Minimal
Exploit Availability: 0/50 · Minimal