The european union agency for cybersecurity (enisa) has debuted a European Union Vulnerability Database (EUVD) to provide “Aggregated, Reliable and Actionable” information
The euvd, which is mandated by the NIS2 Directiveis designed to gather public information from sources such as eu member state national computer security insurance teams (CSIRTS), Industry Vulnerachars, and Ophtry Vulnerability Databases, Including Mitre's cve program,
Enisa said that to meet this goal, it has been constructed its platform on a holistic approach as an interconnected database that it believes will allow for analysis and help the commausity correlated Vulnerabilities. It said this would ultimately make it a more trustworthy, transparent and broader information source.
“The eu vulnerability database is a major step towards reinforcing europe's security and resilience,” said Henna Virkunen, European Commission Executive Vice-Prescent for Tech Sovereignty, Security and democracy.
“By brings together vulnerability information relevant to the eu market, we are raising cyber security standards, enabling both private and public sector stakers stakers to beetter prottery protect With great efficiency and autonomy. “
Enisa Executive Director Juhan Lepassaar Added: “Enisa Achieves a Milestone with the implementation of the Vulnerability Database Requirement from the Nis2 direct. Tool designed to substantically improve the management of vulnerability and the risks associateed with them.
“The database ensures transparency to all users of the affected iCT products and services and will stand as an efficient source of information to find mitigation measures.”
Mitre cve program
The launch of the euvd come Mere Weeks after the Security Community was Rocked by the Near-Death Experience of Mitre's long-running cve programA US Government -Backed and -Funded Resource that over the past two decades has become a fixture in the security world.
Although Mitre's Funding was, in the end, Restored at the last minute by the US authoritiesThe 24 hours of uncertainty prompted much soul-searching and many cyber professionals have begun to consider or discuss the idea of alternatives to a program That is Ultimately Backed by a Single Government.
Although euvd is not designed to replace the US program, enisa said it had worked with mitre on its own development, and continues to work along Crisis on the euvd project.
For Now, Data on Common Vulnerabilites and Exposures (Cve), Data Provided by Theose Disclosing Vulnerabilites, And Other Sources Such as the Cybersecurity and Infrastructure Security Security Securities Agency (CISA's) Known exploated vulnerabilities Catalogue will be automatically transposed into euvd with support from eu member state csirts.
For example, cve-2025-32709, a privilege escalation vulnerability in Windows ancillary function driver for Winsock- Disclosed this week on Patch Tuesday – appears in the euvd with the design EUVD-2025-14439,
Sylvain Cortes, Strategy Vice-Prescent at Hackuity.
“There's also still some uncertainty Around whither the mitre database will continue to exist after Can be Less Reliant on One Vulnerability Enrichment Source. [the US National Vulnerability Database] Has Suffered Backlogs in the past.
“Ultimately, we need a source for all vulnerability that is reliable and open, and we hope that the new euvd promises will provide this,” said cortes.
Crystal Morin, Cyber Security Strategist at SysdigAlso welcomed the launch as part of the ongoing Effort to Strengthen Global Cyber Security Amid an Uncertain Future. She said she hoped the euvd would complete complement the cve program.
“Having bot in play means more organisations handling cve requests and, ultimately, fastery public disclosure,” She said.
“For Security Teams, The Euvd is Simply Another Trusted source for Vulnerability Intelligence. Duplication and confusion, and gain speed and resilience. “