Monday, June 16, 2025
HomeCVE/vulnerabilityNew Common Vulnerability Scoring System (CVSS) v4.0 Released - What's New!

New Common Vulnerability Scoring System (CVSS) v4.0 Released – What’s New!

Published on

SIEM as a Service

Follow Us on Google News

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:-

  • Businesses
  • Service providers
  • Public

CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing defense strategies against cyber threats, enabling real-time threat assessment for consumers’ protection:-

  • Low
  • Medium
  • High
  • Critical

At the 35th Annual FIRST Conference in June 2023, the CVSS version 4.0 was unveiled by FIRST. However, after two months of public input and refinement, CVSS version 4.0 was officially released by FIRST.

- Advertisement - Google News

CVSS 4.0 – What’s New?

This new version, CVSS 4.0, aims to offer the most precise vulnerability assessment, as it provides:-

  • Finer detail
  • Clarity
  • Simplification in threat metrics

These are the key elements that make it more effective for assessing security needs and controls. CVSS 4.0 adds new metrics for assessing vulnerabilities, including:-

  • Automatable
  • Recovery
  • Value Density
  • Response Effort
  • Urgency

Moreover, it’s also expanded for the OT/ICS/IoT, with Safety metrics included. CVSS 4.0 is a game-changer for global cybersecurity and incident response teams, offering a vital tool in the face of rising threats.

Diverse rating systems were used for severity before 2005 since, at that time, various non-standard severity systems existed. 

In February 2005, CVSS version 1 was initially introduced, driven by FIRST to standardize vulnerability measurement, which became an important industry tool.

CVSS evolved from version 1 in 2005 to version 3.1 in 2019. Version 4.0 is a notable advance, emphasizing threat intelligence and environmental metrics for more accurate scoring.

Here below, we have mentioned the new nomenclature that has been adopted in version 4.0:-

  • CVSS-B: CVSS Base Score
  • CVSS-BT: CVSS Base + Threat Score
  • CVSS-BE: CVSS Base + Environmental Score
  • CVSS-BTE: CVSS Base + Threat + Environmental Score

The rapid rise in cybersecurity challenges shows the importance of global coordination which is crucial. However, introducing standards like CVSS 4.0 plays a vital role in enhancing internet safety for all.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...