CWE-912: Hidden Functionality
low-risk
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Abstraction: Class
Common Consequences
Other → Varies by Context
Detection Methods
Automated Static Analysis
Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-20439 | 9.8 | 86.3% | Y |
| CVE-2010-20103 | 9.8 | 85.1% | — |
| CVE-2011-10018 | 9.8 | 53.0% | — |
| CVE-2024-6045 | 8.8 | 7.6% | — |
| CVE-2021-24867 | 9.8 | 6.7% | — |
| CVE-2023-40158 | 8.8 | 5.0% | — |
| CVE-2025-47729 | 1.9 | 4.1% | Y |
| CVE-2020-16204 | 9.8 | 3.2% | — |
| CVE-2024-45697 | 9.8 | 2.3% | — |
| CVE-2020-28593 | 8.1 | 2.0% | — |
5 / 100 · low-risk
Active Threat: 3/50 · Minimal
Exploit Availability: 2/50 · Minimal