The OWASP Top 10 2025 update landed with several significant structural changes. If your security program is still calibrated to the 2021 list, here's what needs to change — and why.
The 2025 List at a Glance
| Rank | Category | Change from 2021 |
|---|---|---|
| A01 | Broken Access Control | No change (held #1 since 2021) |
| A02 | Security Misconfiguration | Up from #5 |
| A03 | Injection | Down from #3 |
| A04 | Insecure Design | No change |
| A05 | Vulnerable & Outdated Components | Expanded (now includes SBOM) |
| A06 | Identification & Authentication Failures | Renamed |
| A07 | Software & Data Integrity Failures | No change |
| A08 | Security Logging & Monitoring Failures | No change |
| A09 | Server-Side Request Forgery | Now standalone (was part of A10) |
| A10 | Emerging Technology Risks | New (LLM/AI security) |
The Three Most Significant Shifts
1. Security Misconfiguration Jumps to #2
This is the most operationally significant change. Misconfiguration climbing from #5 to #2 reflects a statistical reality: cloud infrastructure has made misconfiguration the most prevalent actual attack vector, even if injection remains conceptually critical.
The 2025 definition explicitly expands misconfiguration to include:
- Cloud storage bucket permissions (S3 public read, Azure Blob)
- Default credentials on cloud-provisioned services
- Unnecessary HTTP methods enabled
- Verbose error messages exposing stack traces
- Missing security headers (CSP, HSTS, X-Frame-Options)
Operational implication: If your security scan covers injection but doesn't systematically audit HTTP headers and cloud storage permissions, you are now missing the #2 most common attack vector.
2. SSRF Gets Its Own Category (A09)
Server-Side Request Forgery was previously bundled under "other" categories. The 2025 list gives it standalone status — a recognition that SSRF has become a primary attack vector for cloud credential theft and internal service discovery.
The canonical SSRF attack against cloud infrastructure:
Attacker crafts request → Application fetches internal URL
→ AWS metadata endpoint (169.254.169.254)
→ Returns IAM credentials
→ Attacker has AWS access
This attack pattern has been used in several high-profile breaches. The elevation to a standalone OWASP category reflects how widespread cloud deployments have made it.
Operational implication: Your DAST scanner must actively probe for SSRF by injecting cloud metadata URLs and internal addresses into every URL parameter, form field, and JSON property. Passive scanning does not detect SSRF.
3. Emerging Technology Risks — AI Code and LLM Security
For the first time, OWASP formally addresses security risks introduced by AI-generated code and LLM integration. A10 2025 covers:
AI-generated code risks:
- LLMs generate code that passes syntax checks but contains logical security flaws
- Autocomplete tools suggest deprecated or vulnerable function calls
- Security context is often stripped from AI training data (no examples of what NOT to do)
LLM integration risks:
- Prompt injection via user input passed to LLM systems
- Indirect prompt injection through retrieved documents
- Excessive agency — LLMs with too many tool permissions
Operational implication: If your development team uses Copilot, Cursor, or similar tools, your code review process needs an explicit security review gate for AI-generated code. Automated SAST must run on all committed code regardless of origin.
What Did NOT Change (and Why That Matters)
Broken Access Control Remains #1
Broken Access Control has held the top position since 2021. OWASP reports it appears in 94% of tested applications. The reason it doesn't move: it's both the most prevalent and the hardest to automatically detect.
If you have not invested in runtime authorization testing — testing that User A cannot access User B's resources — this should be your top security priority. Automated tools can assist but cannot replace testing against your application's specific authorization model.
Injection Moved Down, Not Away
Injection (SQL, XSS, command injection) dropped to A03. This reflects improved framework-level protection — ORMs, prepared statements, and template escaping have reduced the raw count of injection vulnerabilities. It does not mean injection is solved.
Legacy codebases, custom SQL queries, and NoSQL injection remain significant attack surfaces. Every application with database queries should have active injection testing in its CI/CD pipeline.
Updating Your Security Program
Checklist for aligning your program with OWASP Top 10 2025:
- Add HTTP security header auditing to your scanner configuration
- Add cloud storage permission checks to your EASM scans
- Configure SSRF probes for all URL-accepting parameters
- Implement code review gates for AI-generated code
- Expand A05 checking to include dependency SBOM validation
- Test IDOR scenarios explicitly against your authorization model
- Verify SSRF protection on all internal microservice-facing endpoints
The 2025 list is not a dramatic overhaul — it's a calibration to where breaches are actually occurring. If your security program already covers injection and XSS comprehensively, the work is to expand coverage into misconfiguration, SSRF, and emerging AI risks.
PentestCheck maps every finding to the relevant OWASP category. Your Threat Score reflects your current posture across all 10.