The document, addressed to CVE Board Members and signed by Yosry Barsoum, Vice President and Director of MITRE’s Center for Securing the Homeland (CSH), reveals that MITRE’s contract to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE)
This development threatens the continuity of a foundational cybersecurity resource relied upon globally.
The CVE program, launched in 1999 and managed by MITRE with funding from the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), provides a standardized system for identifying, defining, and cataloging publicly disclosed cybersecurity vulnerabilities using unique identifiers known as CVE IDs (e.g., CVE-2024-43573).
This system enables organizations worldwide to prioritize and remediate security risks efficiently, forming the backbone of vulnerability management, incident response, and cyber threat intelligence tools.
As of April 2025, the CVE database contains over 274,000 entries, underscoring its critical role in the cybersecurity landscape.
Hundreds of organizations, known as CVE Numbering Authorities (CNAs), are authorized by MITRE to assign CVE numbers to new vulnerabilities, ensuring consistent and centralized tracking.
In the letter, Barsoum warns of “multiple impacts” should a break in service occur, including the “deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure”.
Without new funding, MITRE will be unable to assign new CVE IDs or maintain the program’s infrastructure, leaving the cybersecurity ecosystem in limbo.
Security experts have described the potential shutdown as “tragic,” noting that the CVE program is the de facto international standard for vulnerability identification.
“Without it, we can’t track newly discovered vulnerabilities,” said Sasha Romanosky, senior policy researcher at the Rand Corporation.
The ripple effects could disrupt national vulnerability databases, slow vendor responses, and undermine coordinated defenses against emerging threats.
The CVE program has undergone significant changes in recent years to adapt to evolving threats. These include:
Despite the uncertainty, MITRE has reaffirmed its commitment to the CVE program as a global resource, emphasizing ongoing efforts by the government to secure continued support.
Industry stakeholders such as VulnCheck have pledged support for MITRE and the CVE ecosystem, recognizing the program’s decades-long contributions.
In an official statement, MITRE confirmed to Cyber Security News: “April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE
The government continues to make considerable efforts to support MITRE’s role in the program, and MITRE remains committed to CVE as a global resource”.
As the cybersecurity world waits for a resolution, the expiration of MITRE’s CVE contract highlights the fragility of critical infrastructure underpinning global digital security.
Without immediate action, organizations may face delays in vulnerability tracking, advisories, and cyber response, exposing critical infrastructure to heightened risk.
The coming days will be pivotal in determining the future of vulnerability management and the security of digital ecosystems worldwide.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post “MITRE’s CVE Program Support Ends Today, Leaked Internal Letter Confirms” appeared first on Cyber Security News.
It’s coming… For years, governments, businesses and organizations have speculated on the impact of AI…
Let's make this simple: You want to know if there are any mid- or post-credits…
Secretlab recently opened up preorders for its highly anticipated lineup of Titan Evo Pokémon gaming…
One night last week, Terese Bastarache — the conservative activist who led the successful campaign…
WASHINGTON, DC - JANUARY 29: U.S. Secretary of War Pete Hegseth (C) speaks during a…
There’s a sale happening at Woot that’s delivering Black Friday-esque deals on video games through…
This website uses cookies.