Dear CWE Community,

The CWE™ Program is thrilled to announce the following program updates from September:

* CWE Version 4.18<https://cwe.mitre.org/news/archives/news2025.html#september09_CWE_Version_4_18_Now_Available> — CWE 4.18, released on September 9, 2025, includes 1 new view<https://cwe.mitre.org/data/definitions/1432.html> and 1 new category<https://cwe.mitre.org/data/definitions/1433.html> related to the recently released “2025 Most Important Hardware Weaknesses<https://cwe.mitre.org/topHW/index.html>;” 1 new AI-related weakness for “Insecure Setting of Generative AI/ML Model Inference Parameters<https://cwe.mitre.org/data/definitions/1434.html>;” modification of some references, mitigations, affected resources, and functional areas to more closely link with D3FEND<https://d3fend.mitre.org/> concepts; and many other changes related to CWE usability improvements (see next item below). The CWE Program thanks the members of the Artificial Intelligence Working Group (AI WG)<https://cwe.mitre.org/community/working_groups.html#ai_wg_sig> for their collaboration preparing for this new version.

* CWE Usability Improvements<https://cwe.mitre.org/news/archives/news2025.html#september09_CWE_Version_4_18_Now_Available> — The release of CWE 4.18<https://cwe.mitre.org/news/archives/news2025.html#september09_CWE_Version_4_18_Now_Available> includes the fourth installment of major usability improvements that are underway for the CWE website<https://medium.com/@CWE_CAPEC/major-usability-improvements-to-viewing-cwe-content-underway-359529b4b4a0>. For this latest installment, 14 CWE Entry pages have been upgraded and now include a concise summary of the weakness along with a visual aid at the top of each entry page (see the list of upgraded pages here<https://cwe.mitre.org/news/archives/news2025.html#september09_CWE_Version_4_18_Now_Available>). To view the first three installments of the major usability improvements, see the CWE 4.15<https://cwe.mitre.org/news/archives/news2024.html#july16_CWE_Version_4.15_Now_Available>, CWE 4.16<https://cwe.mitre.org/news/archives/news2024.html#november19_CWE_Version_4.16_Now_Available>, and CWE 4.17<https://cwe.mitre.org/news/archives/news2025.html#april03_CWE_Version_4_17_Now_Available> release notes news articles. Additional usability improvements will be included in future releases.

* Mapping CVEs to CWEs Is Main Topic of “We Speak CVE” Podcast<https://cwe.mitre.org/news/archives/news2025.html#august14_RCM_Is_Main_Topic_of_We_Speak_CVE_Podcast> — In the “Mapping the Root Causes of CVEs<https://www.cve.org/Media/News/item/podcast/2025/08/05/Mapping-the-Root-Causes-of-CVEs>” episode, host Shannon Sabens chats with CVE™<https://www.cve.org/>/CWE™<https://cwe.mitre.org/> Project Lead Alec Summers and CWE Top 25<https://cwe.mitre.org/top25/> task lead/CWE Root Causes Mapping Working Group<https://cwe.mitre.org/community/working_groups.html#rcm_wg> lead Connor Mullaly about the importance of mapping CVE Records<https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryRecord> (vulnerabilities) to their technical root causes using CWE. Additional topics include the benefits of RCM for CVE Numbering Authorities (CNAs)<https://www.cve.org/ProgramOrganization/CNAs> and consumers of CVE data, Common Vulnerability Scoring System (CVSS)<https://www.first.org/cvss/> and other vulnerability metadata and their differences with CWE, the CWE Top 25 Most Dangerous Software Weaknesses<https://cwe.mitre.org/top25/> list, and the tools and guidance available to improve the RCM process (e.g., examples of mappings and best practices on the CWE website<https://cwe.mitre.org/>, mapping usage labels on CWE entry pages on the website, the RCM WG<https://cwe.mitre.org/community/working_groups.html#rcm_wg>, and an LLM tool), and more.

We are really excited about this new release, the usability improvements to the CWE entry pages and the overall CWE website, and the RCM podcast. There’s a lot going on that will lead to future announcements of CWE Program improvements, as well as ongoing efforts to strengthen and expand the CWE corpus through new research, community collaboration, and continuous alignment with the evolving needs of the vulnerability management ecosystem.

On behalf of the CWE Team, thank you for your continued support of the CWE Program.

Cheers,
Alec

--
Alec J. Summers
MITRE CVE / CWE Project Lead
Cyber Security Engineer, Principal
Center for Securing the Homeland (CSH)
––––––––––––––––––––––––––––––––––––
MITRE – Pioneering for a Better Future
