National Vulnerability Database Backlog Highlights Need for Proactive Security Measures

Understanding the impact of the NVD backlog on cybersecurity measures, plus the latest security alerts.  

Welcome to the April Security Update from Origina Security Services. This month, we are examining the importance of proactive software security measures, as well as sharing up-to-date information on recent security alerts. 

 

Understanding the NVD Backlog 

The National Vulnerability Database (NVD) is the U.S. government database of standards-based vulnerability management data using Security Content Automation Protocol (SCAP). The NVD includes catalogs of security checklist references, security-related software flaws, product names, and impact metrics.  

Recently, the NVD has been experiencing significant backlogs in processing and analyzing reported vulnerabilities. This has led to concerns within the cybersecurity community. 

Last year, the NVD began experiencing delays in processing new vulnerabilities. By May 2024, reports indicated that 93.4% of new vulnerabilities had not been analyzed, and 50.8% of known exploited vulnerabilities were still awaiting assessment. This backlog was attributed to various factors, including an increase in reported vulnerabilities and changes in support.   

To address this issue, the National Institute of Standards and Technology (NIST), the organization that operates the National Vulnerability Database, awarded a contract to Analygence in late May 2024 with the goal of clearing the congestion. Despite these efforts, thousands of CVEs have yet to be analyzed.

Origina’s approach 

In light of these delays, Origina has taken a proactive stance to ensure our customers remain protected against emerging threats. Our Vulnerability Advisory Service is designed to monitor security bulletins and respond with solutions that mitigate identified threats. Despite the NVD backlog, Origina’s team of security experts has been able to promptly inform customers of new critical security threats affecting their organizations.

Additionally, our Vulnerability Advisory Portal provides customers with unlimited access to proactive mitigation advisories, even in scenarios where original equipment manufacturer (OEM) patches or fixes are unavailable. The VA Portal offers up-to-date threat intelligence and mitigation strategies, regardless of the product version or third-party components involved.  

While the National Vulnerability Database plays a crucial role in maintaining cybersecurity standards, current backlogs highlight the need for organizations to adopt proactive measures. Origina remains committed to delivering timely and effective vulnerability advisories, ensuring that our customers are well-protected against potential threats, despite delays in external databases. 

 

Recent security alerts 

Here are links to the latest and updated software security vulnerabilities available through the Origina Vulnerability Advisory Portal. 

The Vulnerability Advisory Portal is a vital resource, offering unlimited access to proactive mitigation advisories, even when OEM patches or fixes are unavailable. You’ll also find hardening guides and publications with regularly updated information on secure configurations and regulations. 

Ask Origina how we can assist with new functionalities, policy compliance, or regulatory needs — from MFA integration to advanced cryptographic implementation. 

| Common Vulnerabilities and Exposures (CVE) ID | Security Alert | Common Vulnerability Scoring System (CVSS) Score | Affected Versions |
|---|---|---|---|
|  | vCenter Server Appliance versions prior to 7.0 update 3k are affected by a local privilege escalation vulnerability. | 9.8 | vCenter Server Appliance versions prior to 7.0 update 3k |
|  | VMware Avi Load Balancer versions 30.1.1, 30.1.2, 30.2.1 and 30.2.2 are affected by an unauthenticated Blind SQL Injection Vulnerability. | 8.5 | VMware Avi Load Balancer 30.1.1, 30.1.2, 30.2.1, 30.2.2 |
|  | VMware NSX versions 3.x and 4.x are affected by a Local Privilege Escalation Vulnerability. | 6.7 | VMware NSX 3.x, VMware NSX 4.x |
|  | VMware Aria Operations for Logs (Versions Affected: 8.18 and earlier). | 6.8 | VMware Aria Operations for Logs versions 8.18 and earlier |
|  | VMware Aria Operations for Logs versions 8.x are affected by a privilege escalation vulnerability. | 5.3 | 8.x |
|  | VMware Aria Operations for Logs 8.18.2 and earlier versions are affected by a stored cross-site scripting vulnerability. | 5.2 | VMware Aria Operations for Logs versions 8.18.2 and earlier. |
|  | VMware Aria Operations versions 8.x before 8.18.3 are affected by an information disclosure vulnerability. | 7.7 | VMware’s Aria Operations versions 8.x to 8.18.3 |
|  | VMware ESXi and Workstation versions 7.0 and 8.0 are affected by a TOCTOU race condition vulnerability. | 9.3 | VMware ESXi and Workstation versions 7.0 and 8.0 |
|  | VMware ESXi versions 7.0 and prior are affected by an arbitrary write vulnerability. | 8.2 | VMware ESXi 7.0 and 8.0 (and earlier) |
|  | VMware ESXi versions 7.0 and 8.0 are affected by memory leak and potential injection attacks. | 7.1 | VMware ESXi versions 7.0 and 8.0 |
|  | IBM WebSphere Application Server Versions 7.0, 8.0, 8.5, and 9.0, as well as WebSphere Application Server Liberty Versions 17.0.0.3 through 22.0.0.9, are vulnerable to cross-site scripting attacks (XSS). | 5.4 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and the Liberty version 17.0.0.3 to 22.0.0.9 |
|  | IBM WebSphere Application Server Liberty and Open Liberty versions 17.0.0.3 through 22.0.0.7 are affected by an identity spoofing vulnerability. | 5.0 | IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.7 |
|  | IBM Storage Protect version 8.1 is affected by an out of bounds read/write and injection vulnerability. | 7.3 | IBM Storage Protect version 8.1 |
|  | vCenter versions 7.0.x prior to 7.0 update 3c, 6.7.x prior to 6.7 update 3q, and 6.5.x prior to 6.5 update 3s are affected by a remote code execution vulnerability. | 10.0 | vCenter versions 7.0.x prior to 7.0 update 3c, 6.7.x prior to 6.7 update 3q, and 6.5.x prior to 6.5 update 3s |
|  | vCenter versions 7.0.x prior to 7.0 update 3c, 6.7.x prior to 6.7 update 3q, and 6.5.x prior to 6.5 update 3s are affected by a remote code execution vulnerability. | 9.0 | vCenter versions 7.0.x prior to 7.0 update 3c, 6.7.x prior to 6.7 update 3q, and 6.5.x prior to 6.5 update 3s |

Important Update on CVE-2025-22230 and VMware Tools 

CVE-2025-22230 opens the door for a malicious actor with non-administrative privileges on a Windows guest virtual machine to perform certain high-privilege operations within that VM. 

One critical point is that VMware Tools is freely accessible to anyone with a Broadcom login, even without an active support contract. This raises concerns in environments where VM access isn’t strictly controlled. Additionally, VMware Tools is versioned separately from VMware Fusion or ESXi, meaning security fixes (like version 12.5.1, which addresses this CVE) can be applied even if the hypervisor hasn’t been updated.

For more information, please visit our Vulnerability Advisory Portal.

 

Security is at the heart of everything we do. Our focus goes beyond addressing individual risks and vulnerabilities. If you’re facing a security, risk, or regulatory challenge and need expert guidance, we’re here to help. Reach out to your Customer Success Manager or submit a request through the Origina SelfService Portal. 
