CWE - CWE Most Important Hardware Weaknesses

Home
Who We Are User Stories History Documents Videos
Basics
Root Cause Mapping ►
Guidance Quick Tips Examples

How to Contribute Weakness Content FAQs Glossary
Top-N Lists ►
Top 25 Software Top Hardware Top 10 KEV Weaknesses

CWE List ►
Current Version Reports Visualizations Releases Archive

Downloads REST API
News ►
Current News Blog Podcast News Archive

CWE Board Working Groups & Special Interest Groups Email Lists

The Most Important Hardware Weaknesses (MIHW) empowers organizations with the knowledge to proactively strengthen hardware security and reduce risks at the source. The 2025 CWE™ MIHW represents a refreshed and enhanced effort to identify and educate the cybersecurity community about critical hardware weaknesses.

This update incorporates advancements in data collection and analysis, leveraging AI-assisted data collection alongside expert opinions from the Hardware CWE Special Interest Group (SIG), which includes subject matter experts from the hardware design, manufacturing, research, and security domains, as well as academia and government.

This approach combines data-driven analysis with collaborative subject matter expertise, ensuring the 2025 MIHW brings relevant and actionable insight for addressing persistent and emerging hardware security challenges.

The decision to update the CWE Most Important Hardware Weaknesses List was driven by significant changes in the hardware security landscape and the evolution of the Hardware CWE corpus since the last update in October 2021 (based on CWE version 4.6). Since then and through CWE version 4.17, the CWE hardware view has introduced several new and updated entries, including the addition of new classes, categories, and base weaknesses relevant to emerging hardware security concerns.

Additionally, there has been increased attention to hardware security in recent years, resulting in a greater availability of data to inform the analysis and prioritization of hardware weaknesses.

If you are interested in joining the Hardware CWE SIG, please email [email protected].

Acknowledgements

The 2025 CWE Hardware team includes (in alphabetical order by last name): Steve Christey Coley, Bob Heinemann, Gananand Kini, and Alec Summers.

We extend our deepest gratitude to the 2025 MIHW Working Group (a subgroup of HW SIG members), whose dedication and hard work made the weakness data collection (WDC) possible. We are also sincerely thankful to the respondents of the MIHW polls for sharing their expert insights, and to all members of the HW SIG for their ongoing support and contributions (names are in alphabetical order by first name).

2025 MIHW Working Group

MIHW Poll Respondents

Andreas Schweiger, Airbus
Arun Kanuparthi, Intel Corporation
Arun Jain, NXP
Hareesh Khattri, Intel Corporation
Irena Bojanova, NIST
Jason Oberg, Cycuity
Jason Fung, Intel Corporation
Jeremy Lee, Capsia Technologies
Keerthi Devraj, Siemens
Mitchell Poplingher, Lockheed Martin
Parbati Manna, Intel Corporation
Sandy Frost, Los Alamos National Laboratory
Shahram Jamshidi, Altera
Shivam Swami, AMD
Soheil Salehi, The University of Arizona
Thomas Ford, Dell
William Ferguson, ethicallyHackingspace(eHs)

Amitabh Das, AMD
Arun Kanuparthi, Intel Corporation
Bruce Monroe, AMD
Hareesh Khattri, Intel Corporation
Jason Fung, Intel Corporation
Jason Oberg, Cycuity
Joe Jarzombek
Joerg Bormann, Siemens
JV Rajendran, Texas A&M University
Miltos Grammatikakis, Hellenic Mediterranean University
Mitchell Poplingher, Lockheed Martin
Mohan Lal, Nvidia
Nicole Fern, Keysight
Rachana Maitra, Marvell
Robert van Spyk, Nvidia
Sohrab Aftabjahani, Intel Corporation
Sylvain Guilley, Secure-iC
William Ferguson, ethicallyHackingspace(eHs)

… and many others who chose to remain anonymous.

Top HW Weaknesses Archive

Page Last Updated: August 19, 2025


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2026, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

CWE Most Important Hardware Weaknesses

Acknowledgements