Cyber Posture

CWE · MITRE source

CWE-665Improper Initialization

Abstraction: Class · CVEs in our corpus: 346

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2)AI

Control Title Family Why it addresses this CWE
SC-4Information in Shared System ResourcesSCEnsures shared resources are explicitly initialized or cleared on allocation, preventing exposure of prior contents to new users or processes.
SI-14Non-persistenceSIMandates that every instance begins in a known (presumably clean) state, eliminating reliance on residual or uninitialized state left by prior executions.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2022-0847 KEV8.57.80.82342022-03-10
CVE-2023-17196.77.50.86132023-11-01
CVE-2019-142716.39.80.72202019-07-29
CVE-2020-27950 KEV5.75.50.43762020-12-08
CVE-2022-461645.39.40.56842022-12-05
CVE-2013-1675 KEV3.86.50.07952013-05-16
CVE-2022-227193.37.50.29852022-03-14
CVE-2008-00622.99.80.16262008-03-19
CVE-2019-12992.96.50.26462019-09-11
CVE-2017-137152.79.80.13132017-08-29
CVE-2019-34642.69.80.09902019-02-06
CVE-2008-36372.58.80.12482008-09-26
CVE-2022-363642.58.80.11792022-07-28
CVE-2018-08972.14.70.18632018-03-14
CVE-2024-398642.19.80.02392024-07-05
CVE-2018-07462.04.70.17182018-01-04
CVE-2017-54682.09.10.02202018-06-11
CVE-2018-119492.09.80.00272019-05-24
CVE-2015-83672.09.80.00972020-01-14
CVE-2019-101962.09.80.00362021-03-19
CVE-2021-412642.09.80.00642021-11-12
CVE-2022-371282.09.80.01382022-08-31
CVE-2021-336352.09.80.00152023-10-29
CVE-2018-09011.94.70.16432018-03-14
CVE-2018-200221.97.50.06182018-12-19