CWE-641: Improper Restriction of Names for Files and Other Resources
low-riskThe product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
Abstraction: Base
Common Consequences
Integrity
→
Execute Unauthorized Code or Commands
Confidentiality
→
Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2025-47953 | 8.4 | 1.1% | — |
| CVE-2024-45312 | 5.3 | 1.0% | — |
| CVE-2025-47173 | 7.8 | 0.8% | — |
| CVE-2021-41146 | 8.8 | 0.7% | — |
| CVE-2022-36302 | 8.8 | 0.7% | — |
| CVE-2022-23536 | 6.5 | 0.6% | — |
| CVE-2025-21361 | 7.8 | 0.5% | — |
| CVE-2025-21402 | 7.8 | 0.5% | — |
| CVE-2023-0046 | 7.2 | 0.4% | — |
| CVE-2024-47260 | 6.5 | 0.4% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal