Cyber Security News

MITRE Ends CVE Program Support – Leaked Internal Memo Confirms Departure

A leaked internal memo dated April 15, 2025, has sent shockwaves through the cybersecurity community, revealing that MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program is set to expire today, April 16, 2025.

The letter, reportedly obtained from a reliable source and addressed to CVE Board Members, is signed by Yosry Barsoum, Vice President and Director of MITRE’s Center for Securing the Homeland (CSH).

The memo casts doubt on MITRE’s continued role in maintaining the CVE program, a foundational pillar in global cybersecurity.

MITRE, a not-for-profit organization headquartered in McLean, Virginia, operates several federally funded research and development centers (FFRDCs), including the National Cybersecurity FFRDC, which has long supported the CVE initiative.

The CVE program, funded by the U.S. Department of Homeland Security, standardizes the identification and cataloging of cybersecurity vulnerabilities and is relied upon by organizations worldwide.

The leaked memo warns that the expiration of MITRE’s contract to “develop, operate, and modernize CVE and several other related programs, such as CWE,” could result in significant disruptions.

Potential impacts cited include the deterioration of national vulnerability databases and advisories, negative effects on tool vendors and incident response operations, and broader risks to critical infrastructure.

Notably, cybersecurity reporter David DiMolfetta has confirmed the authenticity of the memo, further heightening industry concerns.

The CVE database, with more than 274,000 entries, underpins a $37 billion cybersecurity vendor market.

Its standardized records enable efficient vulnerability management, cyber threat intelligence, and response across industry, government, and national security sectors. Any interruption in MITRE’s stewardship threatens to destabilize this global system.

The program has faced transitions in recent years, including a migration to a new website (CVE.ORG), an update of record formats to JSON, and an expansion of assignments to service-based vulnerabilities beyond traditional software flaws.

These adaptations reflect the evolving threat landscape but underscore the necessity for consistent funding and operational continuity.

In an official response to Cyber Security News, a MITRE spokesperson confirmed, “April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE) Program and related programs, such as the Common Weakness Enumeration (CWE) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”

As the cybersecurity community awaits clarity, the potential lapse of MITRE’s support puts the future of vulnerability management—and global cyber resilience—at a critical juncture.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
