CWE-354: Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Last updated
Overview
Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.
Real-world CVEs
95 recorded CVEs are caused by CWE-354 (Improper Validation of Integrity Check Value). The highest-severity and most recent are shown first. 24 new CWE-354 CVEs have been recorded so far in 2026 (17 in 2025).
- CVE-2024-25678Critical · CVSS 9.8 · EPSS 28th2024-02-09
- CVE-2023-28386Critical · CVSS 9.8 · EPSS 34th2023-05-22
- CVE-2026-13385Critical · CVSS 9.5 · EPSS 1th2026-07-15
- CVE-2025-11543Critical · CVSS 9.5 · EPSS 7th2025-12-22
- CVE-2026-33026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical · CVSS 9.4 · EPSS 25th2026-03-30 - CVE-2026-32105
xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode
Critical · CVSS 9.3 · EPSS 7th2026-04-17 - CVE-2025-7096
Comodo Internet Security Premium Manifest File cis_update_x64.xml integrity check
Critical · CVSS 9.2 · EPSS 31th2025-07-06 - CVE-2026-34182
CMS AuthEnvelopedData Processing May Accept Forged Messages
Critical · CVSS 9.1 · EPSS 15th2026-06-09 - CVE-2025-54887
jwe: Missing AES-GCM authentication tag validation in encrypted JWEs
Critical · CVSS 9.1 · EPSS 16th2025-08-08 - CVE-2022-29898
Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT
Critical · CVSS 9.1 · EPSS 45th2022-05-11 - CVE-2026-32148
Lockfile checksums not verified in Hex allows dependency integrity bypass
High · CVSS 8.9 · EPSS 9th2026-04-30 - CVE-2026-40323
SP1 V6 Recursion Circuit Row-Count Binding Gap
High · CVSS 8.9 · EPSS 9th2026-04-17
Showing 12 of 95 recorded CWE-354 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-354 vulnerabilitiesCommon consequences
What can happen when CWE-354 is exploited.
Modify Application Data, Other
Affects: Integrity, Other
Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected.
Other
Affects: Integrity, Other
Data that is parsed and used may be corrupted.
Hide Activities, Other
Affects: Non-Repudiation, Other
Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-354, grouped by where in the lifecycle they apply.
Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following example demonstrates the weakness.
Vulnerable example
sd = socket(AF_INET, SOCK_DGRAM, 0); serv.sin_family = AF_INET;Vulnerable example
while(true) {Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2024-47573 — network analysis tool does not properly validate an integrity check value, allowing installation of malicious firmware
Terminology & mappings
Mapped taxonomies
- ISA/IEC 62443: Req SR 3.1 (Part 3-3)
- CLASP: Failure to check integrity check value
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-354.
- What is CWE-354?
- The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
- What CVEs are caused by CWE-354?
- 95 recorded CVEs are attributed to CWE-354, including CVE-2024-25678, CVE-2023-28386, CVE-2026-13385.
- How do you prevent CWE-354?
- Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
- What are the consequences of CWE-354?
- Exploiting CWE-354 can lead to: Modify Application Data, Other, Hide Activities.
- Is CWE-354 actively exploited?
- 95 recorded CVEs are caused by CWE-354; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-354) (opens in a new tab)
- CWE-354 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-354
Get alerted the moment a new CWE-354 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.