Cyber Posture

CWE · MITRE source

CWE-477Use of Obsolete Function

Abstraction: Base · CVEs in our corpus: 16

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

As programming languages evolve, functions occasionally become obsolete due to: Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (4)AI

Control Title Family Why it addresses this CWE
PM-15Security and Privacy Groups and AssociationsPMInstitutionalized information sharing keeps developers aware of obsolete functions and the need to replace them with supported alternatives.
RA-4Risk Assessment UpdateRARegular reassessment flags use of obsolete functions whose security properties have degraded or whose replacements contain fixes for known weaknesses.
SA-22Unsupported System ComponentsSAEliminates reliance on functions or components explicitly declared obsolete and unsupported by their maintainers.
SI-2Flaw RemediationSISoftware and firmware updates replace obsolete functions whose retained presence leaves systems exposed to publicly known weaknesses.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2025-492202.59.80.08362025-06-17
CVE-2025-492192.49.80.07762025-06-17
CVE-2025-492122.39.80.05272025-06-17
CVE-2025-492132.39.80.05272025-06-17
CVE-2025-492172.19.80.02972025-06-17
CVE-2018-178902.09.80.00672018-10-12
CVE-2023-234512.09.80.00352023-04-19
CVE-2025-492142.08.80.03252025-06-17
CVE-2025-492162.09.80.00242025-06-17
CVE-2019-182511.88.80.00262019-11-26
CVE-2026-16931.57.50.00062026-02-26
CVE-2020-69781.47.20.00152020-03-24
CVE-2022-13841.04.70.00332022-04-19
CVE-2019-109680.94.40.00062019-07-24
CVE-2023-288290.83.90.00112023-06-13
CVE-2019-109880.73.40.00052019-09-04