Base weakness

Incomplete

CWE-511: Logic/Time Bomb

The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

Real-world CVEs

1 recorded CVEs are caused by CWE-511 (Logic/Time Bomb). The highest-severity and most recent are shown first.

CVE-2023-52360
High · CVSS 7.5 · EPSS 18th
2024-02-18

Common consequences

What can happen when CWE-511 is exploited.

Varies by Context, Alter Execution Logic

Affects: Other, Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

Applies to

Technologies

Mobile

How to prevent it

Practical mitigations for CWE-511, grouped by where in the lifecycle they apply.

Installation

Always verify the integrity of the product that is being installed.

How to detect it

Automated Static Analysis

Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time.

Terminology & mappings

Mapped taxonomies

Landwehr: Logic/Time Bomb

Frequently asked questions

Common questions about CWE-511.

What is CWE-511?

The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.

What CVEs are caused by CWE-511?

1 recorded CVEs are attributed to CWE-511, including CVE-2023-52360.

How do you prevent CWE-511?

Always verify the integrity of the product that is being installed.

How is CWE-511 detected?

Automated Static Analysis: Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.

What are the consequences of CWE-511?

Exploiting CWE-511 can lead to: Varies by Context, Alter Execution Logic.

Is CWE-511 actively exploited?

1 recorded CVEs are caused by CWE-511; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-511

Get alerted the moment a new CWE-511 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing