CWE-825: Expired Pointer Dereference
Also known as: Dangling pointer
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Last updated
Overview
When a product releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the product to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.
Real-world CVEs
47 recorded CVEs are caused by CWE-825 (Expired Pointer Dereference). The highest-severity and most recent are shown first. 27 new CWE-825 CVEs have been recorded so far in 2026 (9 in 2025).