CWE-5— J2EE Misconfiguration: Data Transmission Without Encryption
Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.— MITRE CWE catalog
2 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-5page 1 of 1
- CVE-2025-52435HIGHCVSS 7.5EG 7.52026-01-10
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowi…
- CVE-2025-65297HIGHCVSS 7.5EG 7.52025-12-10
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.
Map vulnerabilities like CWE-5 to your infrastructure
EchelonGraph correlates every CVE — across CWE-5 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →