The product uses a regular expression that does not sufficiently restrict the set of allowed values.
View on MITREThis effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: not identifying the beginning and end of the target string using wildcards instead of acceptable character ranges others
When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.
No detection method information available for this CWE.
This code uses a regular expression to validate an IP string prior to using it in a call to the "ping" command.
Since the regular expression does not have anchors (CWE-777), i.e. is unbounded without ^ or $ characters, then prepending a 0 or 0x to the beginning of the IP address will still result in a matched regex pattern. Since the ping command supports octal and hex prepended IP addresses, it will use the unexpectedly valid IP address (CWE-1389). For example, "0x63.63.63.63" would be considered equivalent to "99.63.63.63". As a result, the attacker could potentially ping systems that the attacker cannot reach directly.
Chain: regex in EXIF processor code does not correctly determine where a string ends (CWE-625), enabling eval injection (CWE-95), as exploited in the wild per CISA KEV.
View Detailsinsertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.
View Detailsregexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.
View DetailsRegexp for IP address isn't anchored at the end, allowing appending of shell metacharacters.
View DetailsRegexp isn't "anchored" to the beginning or end, which allows spoofed values that have trusted values as substrings.
View Detailsregexp in .htaccess file allows access of files whose names contain certain substrings
View DetailsCWE-625: Permissive Regular Expression is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a regular expression that does not sufficiently restrict the set of allowed values. This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: not identifying the beginning and end of the target string using wildcards instead of acceptable character ranges others
If exploited, CWE-625 (Permissive Regular Expression) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.
Recommended mitigations for CWE-625 include: When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.
CWE-625 commonly affects Perl and PHP. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-625, including CVE-2021-22204, CVE-2006-1895, CVE-2002-2175, CVE-2006-4527 and CVE-2005-1949. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-625 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.