The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

What CVEs are caused by CWE-705?

2 recorded CVEs are attributed to CWE-705, including CVE-2025-53856, CVE-2024-45433.

How is CWE-705 detected?

Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

What are the consequences of CWE-705?

Exploiting CWE-705 can lead to: Alter Execution Logic, Other.

Is CWE-705 actively exploited?

2 recorded CVEs are caused by CWE-705; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-705: Incorrect Control Flow Scoping

Implementation

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example attempts to resolve a hostname.

Vulnerable example

java

protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {

A DNS lookup failure will cause the Servlet to throw an exception.

This code queries a server and displays its status when a request comes from an authorized IP address.

Vulnerable example

php

...
$requestingIP = $_SERVER['REMOTE_ADDR'];

This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).

Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.

Vulnerable example

java

Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

CWE-705: Incorrect Control Flow Scoping

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-705?

What CVEs are caused by CWE-705?

How is CWE-705 detected?

What are the consequences of CWE-705?

Is CWE-705 actively exploited?

References

Stay ahead of CWE-705

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-705?

What CVEs are caused by CWE-705?

How is CWE-705 detected?

What are the consequences of CWE-705?

Is CWE-705 actively exploited?

References

Stay ahead of CWE-705