VulnCheck to Support the CVE Program Through Potential Contract Transition

LEXINGTON, Mass.--(BUSINESS WIRE)--VulnCheck, the exploit intelligence company, today pledged its full support behind MITRE and the decades’ worth of positive contributions that MITRE has made to the entire cybersecurity community since the inception of its CVE program.

VulnCheck pledges its full support behind MITRE and the decades’ worth of positive contributions that it has made to the entire cybersecurity community since the inception of its CVE program.

Share

VulnCheck is committed to supporting the CVE program and to maintaining MITRE’s adherence to a well-run program where CVE Numbering Authority (CNA) collaboration has benefited the broader cybersecurity ecosystem. The company is also committing to better understand the upstream implications involving CVE.org as a data provider.

The uncertainty around what services at MITRE or the CVE program may or may not be impacted comes from a board-level communication from MITRE, disseminated on April 15, 2025, which explicitly states:

”On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate and modernize CVE will expire. The government continues to make considerable efforts to continue MITRE’s role in support of the program…If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.”

In an effort to help MITRE and the CVE program bridge the gap in the event of any disruption, VulnCheck's reporting service is available at: https://vulncheck.com/advisories/report.

VulnCheck will continue to perform CVE assignments for the community in the coming days and weeks. In an effort to do this quickly, VulnCheck has proactively pre-allocated one thousand 2025 CVEs and will work to allocate more.

“VulnCheck is actively monitoring the MITRE situation, and will ensure that our customers, partners, and the entire cybersecurity community will have continued access to timely, accurate vulnerability data,” said Anthony Bettini, Founder and CEO, VulnCheck. “We recognize the critical role that the CVE program plays in the cybersecurity ecosystem, and we are actively preparing for any potential disruptions.”

Other cybersecurity vendors in the community, such as GreyNoise and Horizon3, successfully use this service from VulnCheck.

“We’ve partnered with VulnCheck for CVE assignments because they simplify the submission process and allow us to quickly receive identifiers for new threats we discover,” said Glenn Thorpe, Sr. Director, Security Research and Detection Engineering, GreyNoise.

“VulnCheck came through for us recently when we needed to get a CVE quickly assigned and published to support timely disclosure of our research,” said Naveen Sunkavally, Chief Architect, Horizon3.ai. “We look forward to continuing to use VulnCheck's CNA service for new vulnerabilities that we discover.”

Additionally, to ensure the cybersecurity community doesn’t experience any disruption to access, VulnCheck has added MITRE CVE List V5 to its Community tier of intelligence offerings, starting today. For the first time, this brings MITRE’s CVE database to our thousands of Community users.

About VulnCheck

VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence.

Follow the company on LinkedIn or X. To learn more about VulnCheck, visit https://vulncheck.com/.