CWE · MITRE source
CWE-347Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (7)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-17 | Public Key Infrastructure Certificates | SC | PKI certificates under an approved policy require cryptographic signature verification on issuance and validation. |
SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Requires cryptographic signatures on authoritative data and support for verifying the chain of trust. |
SC-21 | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | SC | Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks. |
CM-14 | Signed Components | CM | Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures. |
SA-19 | Component Authenticity | SA | Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures. |
SI-7 | Software, Firmware, and Information Integrity | SI | Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers. |
SR-11 | Component Authenticity | SR | Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2013-3900 KEV | 7.6 | 5.5 | 0.7444 | 2013-12-11 |
CVE-2018-0114 | 6.6 | 7.5 | 0.8469 | 2018-01-04 |
CVE-2024-8698 | 6.4 | 7.7 | 0.8126 | 2024-09-19 |
CVE-2024-9487 | 5.4 | 9.1 | 0.6027 | 2024-10-10 |
CVE-2024-47073 | 5.2 | 9.1 | 0.5611 | 2024-11-07 |
CVE-2020-2021 KEV | 5.1 | 10.0 | 0.1896 | 2020-06-29 |
CVE-2024-45409 | 4.5 | 10.0 | 0.4242 | 2024-09-10 |
CVE-2025-59718 KEV | 4.5 | 9.8 | 0.0939 | 2025-12-09 |
CVE-2020-1464 KEV | 4.0 | 7.8 | 0.0786 | 2020-08-17 |
CVE-2020-28042 | 3.2 | 5.3 | 0.3599 | 2020-11-02 |
CVE-2025-25291 | 3.2 | 9.8 | 0.2084 | 2025-03-12 |
CVE-2021-22160 | 3.1 | 9.8 | 0.1853 | 2021-05-26 |
CVE-2025-47827 KEV | 3.0 | 4.6 | 0.0095 | 2025-06-05 |
CVE-2020-9283 | 2.6 | 7.5 | 0.1868 | 2020-02-20 |
CVE-2024-32962 | 2.6 | 10.0 | 0.1063 | 2024-05-02 |
CVE-2025-23369 | 2.5 | 8.8 | 0.1178 | 2025-01-21 |
CVE-2020-9047 | 2.4 | 6.8 | 0.1783 | 2020-06-26 |
CVE-2021-33885 | 2.4 | 10.0 | 0.0692 | 2021-08-25 |
CVE-2018-8955 | 2.3 | 9.8 | 0.0494 | 2018-10-24 |
CVE-2025-25292 | 2.2 | 9.8 | 0.0471 | 2025-03-12 |
CVE-2018-12356 | 2.1 | 9.8 | 0.0261 | 2018-06-15 |
CVE-2018-5923 | 2.1 | 9.8 | 0.0154 | 2019-03-27 |
CVE-2019-6318 | 2.1 | 9.8 | 0.0154 | 2019-04-11 |
CVE-2021-37160 | 2.1 | 9.8 | 0.0203 | 2021-08-02 |
CVE-2021-37927 | 2.1 | 9.8 | 0.0214 | 2021-09-22 |