CWE-313: Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
Last updated
Overview
The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Real-world CVEs
25 recorded CVEs are caused by CWE-313 (Cleartext Storage in a File or on Disk). The highest-severity and most recent are shown first. 4 new CWE-313 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2025-64305
Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk
High · CVSS 7.12026-01-07 - CVE-2024-38280
Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
High · CVSS 7.02024-06-13 - CVE-2026-5531
SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file