CWE-471: Modification of Assumed-Immutable Data (MAID)
The product does not properly protect an assumed-immutable element from being modified by an attacker.
Last updated
Overview
This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.
Real-world CVEs
31 recorded CVEs are caused by CWE-471 (Modification of Assumed-Immutable Data (MAID)). The highest-severity and most recent are shown first. 1 new CWE-471 CVE has been recorded so far in 2026 (5 in 2025).
- CVE-2022-25893Critical · CVSS 9.8 · EPSS 70th2022-12-21
- CVE-2020-8158Critical · CVSS 9.8 · EPSS 80th2020-09-18
- CVE-2020-8147Critical · CVSS 9.8 · EPSS 86th2020-04-03
- CVE-2025-33136
IBM Aspera Faspex data modification
High · CVSS 8.8 · EPSS 21th2025-05-22 - CVE-2018-3720High · CVSS 8.8 · EPSS 79th2018-06-07
- CVE-2018-3722High · CVSS 8.8 · EPSS 79th2018-06-07
- CVE-2018-3723High · CVSS 8.8 · EPSS 79th2018-06-07
- CVE-2018-3719High · CVSS 8.8 · EPSS 80th2018-06-07
- CVE-2018-3728High · CVSS 8.8 · EPSS 90th2018-03-30
- CVE-2020-26237High · CVSS 8.7 · EPSS 67th2020-11-24
- CVE-2024-9876High · CVSS 8.5 · EPSS 14th2025-04-30
- CVE-2022-2390High · CVSS 8.4 · EPSS 1th2022-08-12
Showing 12 of 31 recorded CWE-471 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-471 vulnerabilitiesCommon consequences
What can happen when CWE-471 is exploited.
Modify Application Data
Affects: Integrity
Common data types that are attacked are environment variables, web application parameters, and HTTP headers.
Unexpected State
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-471, grouped by where in the lifecycle they apply.
When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.
Vulnerable example
String[] colors = car.getAllPossibleColors();Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2002-1757 — Relies on $PHP_SELF variable for authentication.
- CVE-2005-1905 — Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.
Terminology & mappings
Mapped taxonomies
- PLOVER: Modification of Assumed-Immutable Data
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-471.
- What is CWE-471?
- The product does not properly protect an assumed-immutable element from being modified by an attacker.
- What CVEs are caused by CWE-471?
- 31 recorded CVEs are attributed to CWE-471, including CVE-2022-25893, CVE-2020-8158, CVE-2020-8147.
- How do you prevent CWE-471?
- When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence.
- What are the consequences of CWE-471?
- Exploiting CWE-471 can lead to: Modify Application Data, Unexpected State.
- Is CWE-471 actively exploited?
- 31 recorded CVEs are caused by CWE-471; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-471) (opens in a new tab)
- CWE-471 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-471
Get alerted the moment a new CWE-471 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.