CWE-623: Unsafe ActiveX Control Marked Safe For Scripting

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.

Real-world CVEs

3 recorded CVEs are caused by CWE-623 (Unsafe ActiveX Control Marked Safe For Scripting). The highest-severity and most recent are shown first. 0 new CWE-623 CVEs have been recorded so far in 2026 (1 in 2025).

CWE-623: Unsafe ActiveX Control Marked Safe For Scripting

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Frequently asked questions

What is CWE-623?

What CVEs are caused by CWE-623?

How do you prevent CWE-623?

What are the consequences of CWE-623?

Is CWE-623 actively exploited?

References

Stay ahead of CWE-623

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Related weaknesses

Parent

Peer

Frequently asked questions

What is CWE-623?

What CVEs are caused by CWE-623?

How do you prevent CWE-623?

What are the consequences of CWE-623?

Is CWE-623 actively exploited?

References

Stay ahead of CWE-623