Description
The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
Originating from software security, an "attack surface" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses. In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage.
Potential Impact
Other
Varies by Context
Frequently Asked Questions
What is CWE-1125?
CWE-1125 (Excessive Attack Surface) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
How can CWE-1125 be exploited?
The impact of exploiting CWE-1125 (Excessive Attack Surface) varies by context. This weakness is typically introduced during the Implementation and the Architecture and Design phases of software development.
How do I prevent CWE-1125?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1125?
CWE-1125 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.