CWE-703: Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Last updated
Overview
CWE-703 (Improper Check or Handling of Exceptional Conditions) is a pillar-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
139 recorded CVEs are caused by CWE-703 (Improper Check or Handling of Exceptional Conditions), including 3 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 18 new CWE-703 CVEs have been recorded so far in 2026 (27 in 2025).
- CVE-2022-22265CISA KEVHigh · CVSS 8.6 · EPSS 31th2022-01-07
- CVE-2021-25370CISA KEVHigh · CVSS 7.1 · EPSS 55th2021-03-26
- CVE-2021-25372CISA KEVMedium · CVSS 5.4 · EPSS 53th2021-03-26
- CVE-2025-13026
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
Critical · CVSS 9.8 · EPSS 27th2025-11-11 - CVE-2025-13023
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
Critical · CVSS 9.8 · EPSS 27th2025-11-11 - CVE-2025-13022
Incorrect boundary conditions in the Graphics: WebGPU component
Critical · CVSS 9.8 · EPSS 27th2025-11-11 - CVE-2025-13021
Incorrect boundary conditions in the Graphics: WebGPU component
Critical · CVSS 9.8 · EPSS 27th2025-11-11 - CVE-2025-31998
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information
Critical · CVSS 9.8 · EPSS 29th2025-10-12 - CVE-2024-21894Critical · CVSS 9.8 · EPSS 97th2024-04-04
- CVE-2021-3329Critical · CVSS 9.6 · EPSS 46th2023-02-26
- CVE-2023-0397Critical · CVSS 9.6 · EPSS 38th2023-01-19
- CVE-2024-39815
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Critical · CVSS 9.4 · EPSS 51th2024-08-08
Showing 12 of 139 recorded CWE-703 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-703 vulnerabilitiesCommon consequences
What can happen when CWE-703 is exploited.
Read Application Data, DoS: Crash, Exit, or Restart, Unexpected State
Affects: Confidentiality, Availability, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to detect it
Dynamic Analysis with Manual Results Interpretation
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Manual Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Automated Static Analysis - Source Code
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: SOAR Partial
Architecture or Design Review
According to SOAR [REF-1479], the following detection techniques may be useful:
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider the following code segment:
Vulnerable example
char buf[10], cp_buf[10];The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy().
The following method throws three types of exceptions.
Safe example
public void doExchange() throws IOException, InvocationTargetException, SQLException {Vulnerable example
public void doExchange() throws Exception {Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2022-22224 — Chain: an operating system does not properly process malformed Open Shortest Path First (OSPF) Type/Length/Value Identifiers (TLV) (CWE-703), which can cause the process to enter an infinite loop (CWE-835)
Terminology & mappings
Mapped taxonomies
- The CERT Oracle Secure Coding Standard for Java (2011): Do not throw undeclared checked exceptions (ERR06-J)
Frequently asked questions
Common questions about CWE-703.
- What is CWE-703?
- The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
- What CVEs are caused by CWE-703?
- 139 recorded CVEs are attributed to CWE-703, including CVE-2022-22265, CVE-2021-25370, CVE-2021-25372. 3 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How is CWE-703 detected?
- Dynamic Analysis with Manual Results Interpretation: According to SOAR [REF-1479], the following detection techniques may be useful:
- What are the consequences of CWE-703?
- Exploiting CWE-703 can lead to: Read Application Data, DoS: Crash, Exit, or Restart, Unexpected State.
- Is CWE-703 actively exploited?
- Yes. 3 CWE-703 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 139 recorded CVEs.
References
- MITRE CWE definition (CWE-703) (opens in a new tab)
- CWE-703 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-703
Get alerted the moment a new CWE-703 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.