EU Strengthens Digital Sovereignty: New Vulnerability Database as a Response to CVE Uncertainties
Katrin Peter, 4 min read


CVE shutdown averted – but Europe is charting its own course. With the new vulnerability database from ENISA, the EU is strengthening its digital sovereignty. ayedo demonstrates how modern vulnerability management works.

At the Last Minute: CVE Remains – For Now

On April 16, 2025, a decisive shift occurred in the global IT security world: the impending shutdown of the CVE system (Common Vulnerabilities and Exposures) was apparently averted. According to reports, the contract between the U.S. cybersecurity agency CISA and the operator MITRE was extended at the last minute—a measure taken literally in the nick of time.

While the international community awaits an official statement, Europe has taken action: ENISA (European Union Agency for Cybersecurity) is launching its own vulnerability database – the European Vulnerability Database (EVD). This move sends a signal that goes beyond security benefits: Europe is betting on digital sovereignty.


Background: Why CVE is So Important

The CVE system is a cornerstone of the global IT security architecture. It standardizes and catalogs vulnerabilities so that developers, companies, and security providers worldwide speak the same language when it comes to vulnerabilities. Without this reference, chaos looms: unclear assignments, lack of reliability – and endangered IT infrastructures.

The discussion about a potential shutdown therefore caused unrest. Too much dependence on a U.S.-centered, partly privately supported structure was a thorn in the side of many. The current crisis has shown: Alternatives are needed, preferably within a transparent, European framework.


The European Response: ENISA’s EVD

Since June 2024, ENISA has been working on its own vulnerability database – a project in the context of the NIS2 Directive, which prescribes higher cybersecurity standards for companies, authorities, and critical infrastructures across Europe. In early April 2025, the platform surprisingly went online for a few hours – initially as an internal functionality test. But after the CVE turbulence, ENISA acted quickly and publicly released the database.

What We Know So Far:

| Feature | European Vulnerability Database (EVD) |
|---|---|
| Operator | ENISA (EU Agency) |
| Objective | Independent, EU-centered documentation of vulnerabilities |
| Compliance Framework | NIS2-compliant, GDPR-compliant |
| Status | Operational, expandable |
| Access | Public; API support planned |

The EVD not only sets a technical precedent but also a political one: Europe no longer wants to merely react in cybersecurity but to shape it – based on openness, security, and strategic independence.


Outlook: Plurality Instead of Monopoly

Alternatives are forming beyond the EU as well. Various civil society and industry initiatives are considering open-source-based CVE alternatives. A foundation to manage CVE is also under discussion. The market for vulnerability information could become more diverse, resilient – and ultimately more democratic.

For companies in Europe, this raises an important question:

How do we integrate new vulnerability sources like the EVD into our processes – without redundancies, but with maximum transparency?

Strategic partnerships are needed here, for example, with providers who can aggregate, evaluate, and automatically feed vulnerability information into existing SIEM, CMDB, or vulnerability management systems. A sovereign infrastructure also requires sovereign tools.


Conclusion: European Cybersecurity on the Rise

The developments surrounding CVE and the new European database mark a turning point: the question is no longer whether, but how European IT security can be organized in an independent, modern, and compliant way.

For IT decision-makers, this means:

Now is the right time to rethink vulnerability management – resilient, European, and interoperable.


ayedo: Vulnerability Management That Fits Your IT Strategy

With ayedo, we support companies, authorities, and critical infrastructures in future-proofing their IT systems. We integrate vulnerability data – whether from CVE, EVD, or other sources – directly into your existing processes and tools. Our approach is:

  • Compliance-ready: NIS2, GDPR, and industry-specific standards firmly in view
  • Sovereign and automated: Integration into CMDB, SIEM, and automation platforms
  • Cloud-native or on-prem: Flexible, secure, adaptable

🔍 Want to know how to use EVD and CVE together – without extra effort?

💡 Or are you looking for a sovereign solution to automate your vulnerability management?

Then talk to us.
