CWE-525: Use of Web Browser Cache Containing Sensitive Information
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Last updated
Overview
CWE-525 (Use of Web Browser Cache Containing Sensitive Information) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
29 recorded CVEs are caused by CWE-525 (Use of Web Browser Cache Containing Sensitive Information). The highest-severity and most recent are shown first. 7 new CWE-525 CVEs have been recorded so far in 2026 (11 in 2025).
- CVE-2025-48947
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
High · CVSS 7.7 · EPSS 30th2025-06-04 - CVE-2025-52659
HCL AION is affected by a Cacheable HTTP Response vulnerability
High · CVSS 7.5 · EPSS 5th2026-01-19 - CVE-2025-52625
HCL AION is susceptible to Cacheable SSL Page Found vulnerability
High · CVSS 7.5 · EPSS 13th