CWE-694: Use of Multiple Resources with Duplicate Identifier
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
Last updated
Overview
If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Real-world CVEs
8 recorded CVEs are caused by CWE-694 (Use of Multiple Resources with Duplicate Identifier). The highest-severity and most recent are shown first. 2 new CWE-694 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2025-13609
Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
High · CVSS 8.2 · EPSS 31th2025-11-24 - CVE-2025-59048
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method
High · CVSS 8.1 · EPSS 15th2025-10-23 - CVE-2026-57024
Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously