CWE-1025: Comparison Using Wrong Factors
The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.
Last updated
Overview
CWE-1025 (Comparison Using Wrong Factors) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
9 recorded CVEs are caused by CWE-1025 (Comparison Using Wrong Factors). The highest-severity and most recent are shown first. 4 new CWE-1025 CVEs have been recorded so far in 2026 (4 in 2025).
- CVE-2025-71377
stoatchat before 20250210-1 Unrestricted Message History Fetch
High · CVSS 8.72026-07-16 - CVE-2024-20342High · CVSS 8.6 · EPSS 40th2024-10-23
- CVE-2026-9800
Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
High · CVSS 8.1 · EPSS 22th2026-06-25