CVE-2024-23425info

Summary

by MITRE • 01/01/2025

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 01/01/2025

CVE records must demonstrate actual usage or exploitation to maintain compliance with CNA guidelines and ensure the validity of vulnerability disclosures. This requirement prevents the proliferation of unused or hypothetical vulnerability entries that could clutter databases and potentially mislead security professionals. The rejection of unused CVE records reflects the collaborative effort among CNAs to maintain high-quality vulnerability intelligence by ensuring each assigned identifier corresponds to verified threats or exploitable conditions.

The validation process requires evidence of real-world exploitation, security research activity, or documented impact from the vulnerability in question. This approach aligns with industry standards that emphasize the importance of actionable threat intelligence over theoretical vulnerabilities. Security researchers and organizations must demonstrate tangible proof of a vulnerability's existence and potential impact before a CVE identifier can be considered valid for public disclosure.

When CNAs encounter unused CVE records, they typically conduct thorough reviews to determine whether the vulnerability has been adequately documented through supporting evidence such as proof-of-concept code, security advisories, or public exploitation reports. The rejection process ensures that only verified threats receive official CVE assignments, maintaining database integrity and preventing confusion among security teams who rely on these identifiers for threat assessment and mitigation planning.

This compliance mechanism also supports the broader cybersecurity ecosystem by ensuring that vulnerability management systems and threat intelligence platforms operate with accurate and actionable data. The requirement for active usage helps maintain the credibility of CVE assignments and prevents the accumulation of dead entries that could otherwise dilute the effectiveness of vulnerability tracking efforts across organizations and security vendors worldwide.

Disclosure

01/01/2025

Moderation

in review

EPSS

0.00000

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!