[A07, A09:2025] Incorrect CWE-221, CWE-298, CWE-299 Name in List of Mapped CWEs #936

@NureddinSoltan

Description:

In the List of Mapped CWEs section, three CWEs are currently listed with incorrect or misaligned titles. The names in the documentation do not match the official CWE dictionary.

| CWE ID | Currently Listed As | Correct Official Name |
|---|---|---|
| CWE-298 | Improper Validation of Certificate with Host Mismatch | Improper Validation of Certificate Expiration |
| CWE-299 | Improper Validation of Certificate with Host Mismatch | Improper Check for Certificate Revocation |
| CWE-221 | Information Loss of Omission | Information Loss or Omission |

Why It Matters:

The List of Mapped CWEs section is meant to be a precise technical reference that maps directly to the official CWE catalog. Using an incorrect name can cause confusion for developers and security practitioners who cross-reference with the official CWE documentation.

Steps to Reproduce:

  1. Navigate to https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/ and https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/
  2. Scroll down to the List of Mapped CWEs section
  3. Observe the names listed for CWE-221, CWE-298 and CWE-299

A07 References:

[3 images]

A09 References:

[2 images]

Proposed Fix:

Update the entries for CWE-221, CWE-298, and CWE-299 to match their official names as defined by CWE.
