The Most Important Hardware Weaknesses (MIHW) empowers organizations with the knowledge to proactively strengthen hardware security and reduce risks at the source. The 2025 CWE™ MIHW represents a refreshed and enhanced effort to identify and educate the cybersecurity community about critical hardware weaknesses.
This update incorporates advancements in data collection and analysis, leveraging AI-assisted data collection alongside expert opinions from the Hardware CWE Special Interest Group (SIG), which includes subject matter experts from the hardware design, manufacturing, research, and security domains, as well as academia and government.
This approach combines data-driven analysis with collaborative subject matter expertise, ensuring the 2025 MIHW brings relevant and actionable insight for addressing persistent and emerging hardware security challenges.
The decision to update the CWE Most Important Hardware Weaknesses List was driven by significant changes in the hardware security landscape and the evolution of the Hardware CWE corpus since the last update in October 2021 (based on CWE version 4.6). Since then and through CWE version 4.17, the CWE hardware view has introduced several new and updated entries, including the addition of new classes, categories, and base weaknesses relevant to emerging hardware security concerns.
Additionally, there has been increased attention to hardware security in recent years, resulting in a greater availability of data to inform the analysis and prioritization of hardware weaknesses.
If you are interested in joining the Hardware CWE SIG, please email cwe@mitre.org.
The 2025 CWE Hardware team includes (in alphabetical order by last name): Steve Christey Coley, Bob Heinemann, Gananand Kini, and Alec Summers.
We extend our deepest gratitude to the 2025 MIHW Working Group (a subgroup of HW SIG members), whose dedication and hard work made the weakness data collection (WDC) possible. We are also sincerely thankful to the respondents of the MIHW polls for sharing their expert insights, and to all members of the HW SIG for their ongoing support and contributions (names are in alphabetical order by first name).
| 2025 MIHW Working Group | MIHW Poll Respondents |
|---|---|
Andreas Schweiger, Airbus |
Amitabh Das, AMD |
… and many others who chose to remain anonymous.
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
