"The number of newly submitted CVEs rose by 263 percent between 2020 and 2025, with NIST processing nearly 42,000 CVEs in 2025, a 45 percent increase compared to previous years."
"A funding gap in 2024 further exacerbated the existing backlog, preventing NIST from ever fully clearing it since then, leading to a drastic funding shortfall in April 2025."
"Starting this week, NIST is applying new prioritization criteria, giving priority to CVEs listed in the CISA Known Exploited Vulnerabilities Catalog, which must be fully analyzed within one business day."
The U.S. security authority NIST is revising its National Vulnerability Database methodology in response to a significant rise in vulnerabilities. The number of newly submitted CVEs increased by 263 percent from 2020 to 2025. NIST processed nearly 42,000 CVEs in 2025, but this was insufficient to manage the influx. A funding gap in 2024 worsened the backlog, and in April 2025, the CVE system faced a funding crisis. NIST is now prioritizing CVEs from the CISA Known Exploited Vulnerabilities Catalog for immediate analysis.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]