Meta attack pattern

Stable

CAPEC-25: Forced Deadlock

The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.

Last updated June 1, 2026

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

6

Related weaknesses

CWEs this targets

Overview

CAPEC-25 (Forced Deadlock) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

How the attack works

The phases an attacker typically follows to carry out this attack.

Step 1
Explore
The adversary initiates an exploratory phase to get familiar with the system.
Step 2
Explore
The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish.
Step 3
Explore
If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service.

What the attacker needs

Prerequisites

The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101]

The target host exposes an API to the user.

Skills required

Medium skill: This type of attack may be sophisticated and require knowledge about the system's resources and APIs.

Consequences

What a successful CAPEC-25 attack can achieve.

Resource Consumption

Affects: Availability

A successful forced deadlock attack compromises the availability of the system by exhausting its available resources.

How to mitigate it

Defenses that reduce the risk of CAPEC-25.

Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).
For competing actions, use well-known libraries which implement synchronization.

Examples

An example of a deadlock which may occur in database products is the following. Client applications using the database may require exclusive access to a table, and in order to gain exclusive access they ask for a lock. If one client application holds a lock on a table and attempts to obtain the lock on a second table that is already held by a second client application, this may lead to deadlock if the second application then attempts to obtain the lock that is held by the first application (Source: Wikipedia, http://en.wikipedia.org/wiki/Deadlock)

Terminology & mappings

Mapped taxonomies

ATTACK: Endpoint Denial of Service: Application or System Exploitation (1499.004)

Frequently asked questions

Common questions about CAPEC-25.

What is CAPEC-25?

The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.

How does a Forced Deadlock attack work?

It typically unfolds over 3 phases. It begins with: The adversary initiates an exploratory phase to get familiar with the system.

How do you prevent CAPEC-25?

Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).

What weaknesses does CAPEC-25 target?

CAPEC-25 exploits 6 CWE weaknesses, including CWE-412 (Unrestricted Externally Accessible Lock), CWE-567 (Unsynchronized Access to Shared Data in a Multithreaded Context), CWE-662 (Improper Synchronization), CWE-667 (Improper Locking).

How severe is CAPEC-25?

MITRE rates CAPEC-25 as High severity with low likelihood of attack.

References

Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.

Defend against CAPEC-25

Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.

Start free See pricing