CWE-825Expired Pointer Dereference

Abstraction: Base · CVEs in our corpus: 33

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2023-48316`	2.2	9.8	0.0317	2023-12-05
`CVE-2023-48692`	2.1	9.0	0.0503	2023-12-05
`CVE-2024-23638`	2.1	6.5	0.1256	2024-01-24
`CVE-2024-23310`	2.0	9.8	0.0054	2024-02-20
`CVE-2023-48315`	1.8	8.8	0.0109	2023-12-05
`CVE-2023-48694`	1.8	6.8	0.0745	2023-12-05
`CVE-2025-49794`	1.8	9.1	0.0044	2025-06-16
`CVE-2019-15691`	1.7	7.2	0.0368	2019-12-26
`CVE-2026-7111`	1.7	8.4	0.0002	2026-04-29
`CVE-2023-20212`	1.6	7.5	0.0096	2023-08-18
`CVE-2024-39792`	1.6	7.5	0.0105	2024-08-14
`CVE-2024-8250`	1.6	7.8	0.0003	2024-08-29
`CVE-2025-49795`	1.6	7.5	0.0083	2025-06-16
`CVE-2026-30978`	1.6	7.8	0.0002	2026-03-10
`CVE-2026-34001`	1.6	7.8	0.0001	2026-04-23
`CVE-2023-48697`	1.5	6.4	0.0285	2023-12-05
`CVE-2023-48698`	1.5	6.8	0.0163	2023-12-05
`CVE-2026-32873`	1.5	7.5	0.0002	2026-03-20
`CVE-2023-48696`	1.4	6.7	0.0064	2023-12-05
`CVE-2025-12119`	1.4	6.8	0.0001	2025-11-18
`CVE-2021-39228`	1.3	6.5	0.0055	2021-09-17
`CVE-2024-45105`	1.3	6.7	0.0008	2024-09-13
`CVE-2025-30653`	1.3	6.5	0.0013	2025-04-09
`CVE-2026-2436`	1.3	6.5	0.0008	2026-03-26
`CVE-2026-5165`	1.3	6.7	0.0001	2026-03-30