Base weakness

Incomplete

CWE-509: Replicating Malicious Code (Virus or Worm)

Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-509 (Replicating Malicious Code (Virus or Worm)) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

1 recorded CVEs are caused by CWE-509 (Replicating Malicious Code (Virus or Worm)). The highest-severity and most recent are shown first.

CVE-2017-16127
Unscored · EPSS 55th
2018-06-07

Common consequences

What can happen when CWE-509 is exploited.

Execute Unauthorized Code or Commands

Affects: Confidentiality, Integrity, Availability

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

Operation

How to prevent it

Practical mitigations for CWE-509, grouped by where in the lifecycle they apply.

Operation

Antivirus software scans for viruses or worms.

Installation

Always verify the integrity of the software that is being installed.

Terminology & mappings

Mapped taxonomies

Landwehr: Replicating (virus)

Frequently asked questions

Common questions about CWE-509.

What is CWE-509?

Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or the product.

What CVEs are caused by CWE-509?

1 recorded CVEs are attributed to CWE-509, including CVE-2017-16127.

How do you prevent CWE-509?

Antivirus software scans for viruses or worms.

What are the consequences of CWE-509?

Exploiting CWE-509 can lead to: Execute Unauthorized Code or Commands.

Is CWE-509 actively exploited?

1 recorded CVEs are caused by CWE-509; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-509

Get alerted the moment a new CWE-509 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

How to prevent it

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-509?

What CVEs are caused by CWE-509?

How do you prevent CWE-509?

What are the consequences of CWE-509?

Is CWE-509 actively exploited?

References

Stay ahead of CWE-509