CWE-316: Cleartext Storage of Sensitive Information in Memory
The product stores sensitive information in cleartext in memory.
Last updated
Overview
The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. It could be argued that such problems are usually only exploitable by those with administrator privileges. However, swapping could cause the memory to be written to disk and leave it accessible to physical attack afterwards. Core dump files might have insecure permissions or be stored in archive files that are accessible to untrusted people. Or, uncleared sensitive memory might be inadvertently exposed to attackers due to another weakness.
Real-world CVEs
36 recorded CVEs are caused by CWE-316 (Cleartext Storage of Sensitive Information in Memory). The highest-severity and most recent are shown first. 3 new CWE-316 CVEs have been recorded so far in 2026 (12 in 2025).
- CVE-2025-52579
Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
Critical · CVSS 9.3 · EPSS 29th2025-07-10 - CVE-2014-2366
Advantech WebAccess Cleartext Storage of Sensitive Information in Memory
Critical · CVSS 9.0 · EPSS 67th2014-07-19 - CVE-2025-50109
Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
High · CVSS 8.5 · EPSS 2th2025-07-10 - CVE-2024-36792High · CVSS 8.2 · EPSS 20th2024-06-07
- CVE-2022-0835
AVEVA System Platform Cleartext Storage of Sensitive Information in Memory
High · CVSS 8.1 · EPSS 6th2022-04-11 - CVE-2026-8636
Multiple Vulnerabilities in IBM Datacap
High · CVSS 7.5 · EPSS 4th2026-06-22 - CVE-2024-39732High · CVSS 7.5 · EPSS 9th2024-07-14
- CVE-2023-44153High · CVSS 7.5 · EPSS 21th2023-09-27
- CVE-2023-3762High · CVSS 7.5 · EPSS 25th2023-07-19
- CVE-2023-40724High · CVSS 7.3 · EPSS 2th2023-09-12
- CVE-2024-24915High · CVSS 7.2 · EPSS 7th2025-06-29
- CVE-2024-25649Medium · CVSS 6.7 · EPSS 0th2024-03-14
Showing 12 of 36 recorded CWE-316 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-316 vulnerabilitiesCommon consequences
What can happen when CWE-316 is exploited.
Read Memory
Affects: Confidentiality
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2025-24870 — GUI for a desktop client stores credentials in program memory, allowing privilege escalation
- CVE-2001-1517 — Sensitive authentication information in cleartext in memory.
- CVE-2001-0984 — Password protector leaves passwords in memory when window is minimized, even when "clear password when minimized" is set.
- CVE-2003-0291 — SSH client does not clear credentials from memory.
Terminology & mappings
Mapped taxonomies
- PLOVER: Plaintext Storage in Memory
- Software Fault Patterns: Exposed Data (SFP23)
Frequently asked questions
Common questions about CWE-316.
- What is CWE-316?
- The product stores sensitive information in cleartext in memory.
- What CVEs are caused by CWE-316?
- 36 recorded CVEs are attributed to CWE-316, including CVE-2025-52579, CVE-2014-2366, CVE-2025-50109.
- What are the consequences of CWE-316?
- Exploiting CWE-316 can lead to: Read Memory.
- Is CWE-316 actively exploited?
- 36 recorded CVEs are caused by CWE-316; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-316) (opens in a new tab)
- CWE-316 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-316
Get alerted the moment a new CWE-316 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.