CWE-703

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

CVE-2022-22265 (GCVE-0-2022-22265)
Vulnerability from cvelistv5
Published
2022-01-07 22:39
Modified
2025-07-30 01:37
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Version: O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0)   < SMR Jan-2022 Release 1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-22265",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-15T16:35:36.348619Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-09-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22265"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:51.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2023-09-18T00:00:00+00:00",
            "value": "CVE-2022-22265 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Jan-2022 Release 1",
              "status": "affected",
              "version": "O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-07T22:39:11.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-22265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0)",
                            "version_value": "SMR Jan-2022 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=1"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-22265",
    "datePublished": "2022-01-07T22:39:11.000Z",
    "dateReserved": "2021-12-29T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:37:51.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54134 (GCVE-0-2025-54134)
Vulnerability from cvelistv5
Published
2025-07-21 20:58
Modified
2025-07-23 18:30
CWE
  • CWE-20 - Improper Input Validation
  • CWE-248 - Uncaught Exception
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.
Impacted products
Vendor Product Version
haxtheweb issues Version: < 11.0.9
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54134",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T18:30:05.848115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T18:30:23.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "issues",
          "vendor": "haxtheweb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 11.0.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-21T20:58:35.724Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27"
        },
        {
          "name": "https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34"
        },
        {
          "name": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22"
        },
        {
          "name": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52"
        }
      ],
      "source": {
        "advisory": "GHSA-pjj3-j5j6-qj27",
        "discovery": "UNKNOWN"
      },
      "title": "HAX CMS NodeJs\u0027s Improper Error Handling Leads to Denial of Service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54134",
    "datePublished": "2025-07-21T20:58:35.724Z",
    "dateReserved": "2025-07-16T23:53:40.510Z",
    "dateUpdated": "2025-07-23T18:30:23.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58758 (GCVE-0-2025-58758)
Vulnerability from cvelistv5
Published
2025-09-09 19:50
Modified
2025-09-10 20:14
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Summary
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.
Impacted products
Vendor Product Version
datahihi1 tiny-env Version: >= 1.0.1, < 1.0.3
Version: >= 1.0.9, < 1.0.11
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-10T20:14:12.293359Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-10T20:14:26.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tiny-env",
          "vendor": "datahihi1",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.1, \u003c 1.0.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.9, \u003c 1.0.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T19:50:18.518Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc"
        },
        {
          "name": "https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e"
        }
      ],
      "source": {
        "advisory": "GHSA-3j7m-5g4q-gfpc",
        "discovery": "UNKNOWN"
      },
      "title": "TinyEnv: Missing .env file not required \u2014 may cause unexpected behavior"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58758",
    "datePublished": "2025-09-09T19:50:18.518Z",
    "dateReserved": "2025-09-04T19:18:09.500Z",
    "dateUpdated": "2025-09-10T20:14:26.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page