Tuesday , June 24 2025

CVSS 4.0 released: The New Standard for Vulnerability Scoring

FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). CVSS is important for the connection between suppliers and consumers. It helps identify the main characteristics of security vulnerabilities and gives them a score that shows how serious they are. This helps businesses; service providers, government, and the public understand and deal with the vulnerabilities better.

CVSS 4.0

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

The scores can be classified as low, medium, high, or critical to help organizations evaluate their vulnerability management processes and defend against cyber-attacks. This system lets consumers assess real-time threat and impact, giving them important information to defend against an attack.

ALSO READ:

Only 45% of cloud data is currently encrypted

Common Vulnerability Scoring System

CVSS 4.0 is a widely used standard for vulnerability assessment. It aims to provide accurate vulnerability assessment for organizations and the public. The program improves metrics for consumers, removes scoring ambiguity, simplifies threat metrics, and enhances the assessment of security requirements and controls.

Moreover, various additional characteristics have been incorporated into vulnerability assessment, such as Automatable, Recovery, Value Density, Vulnerability Response Effort, and Provider Urgency. There is also additional applicability to OT/ICS/IoT, with Safety metrics and values added to both the Supplemental and Environmental metric groups.

The road to CVSS 4.0

The sector will transform with the new CVSS 4.0, which will improve its ability to handle threats. Prior to 2005, custom, incompatible rating systems were used to define severity before a need for standardized vulnerability measurements across software and platforms was identified.

CVSS version 1 was released in February 2005 with the goal of being adopted by the industry. FIRST was appointed in April to drive future development of CVSS.

Over a dozen FIRST members of the CVSS Special Interest Group (SIG) collaborated extensively. Throne CVSS version 1 was revised and improved in 2006 and 2007. This was done by testing and re-testing hundreds of real-world vulnerabilities. The result was the release of version 2 in June 2007.

In 2015, a third version of the tool was developed. It introduced the concept of ‘Scope’ to manage the scoring of vulnerabilities. These vulnerabilities may be present in one software component but affect a different software, hardware, or networking component.

A new version, 3.1, was released in June 2019. This version clarified and improved upon version 3.0. It did not add new metrics or values but focused on improving the clarity of concepts and making the standard easier to use. One new addition was the CVSS Extensions Framework.

This release is an important advancement. It has added capabilities that are crucial for teams. These capabilities help with threat intelligence and environmental metrics for accurate scoring.

Another function of note is the nomenclature. CVSS is not just the Base Score, so to further highlight this new nomenclature has been adopted in version 4.0:

CVSS-B: CVSS Base Score

CVSS-BT: CVSS Base + Threat Score

CVSS-BE: CVSS Base + Environmental Score

 CVSS Base + Threat + Environmental Score

Testing CVSS 4.0

Many of the 900 industry leaders, from across the globe, are now testing CVSS version 4.0 in real-time before public launch. Cyber security issues are increasing worldwide. Global coordination is crucial to make the internet safe for everyone. Programs like CVSS 4.0 are important for both the sector and the public.

The CEO of FIRST, Chris Gibson, said that the CVSS system has been developing quickly for the past 18 years. Each new version improves our ability to protect against cyber criminals.

I am immensely proud of the CVSS-SIG for the hard work and dedication it has taken to produce version 4.0. And it is timely as we continue to see a significant rise in threats across the world.”

 

 

Check Also

Patch Tuesday

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft’s June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One …

Leave a Reply

Your email address will not be published. Required fields are marked *