CVE Intelligence
TI Mindmap HUB automatically extracts CVE identifiers from processed threat reports and enriches them with contextual data, enabling analysts to search and correlate vulnerabilities across multiple reports.
Extraction and Enrichment
CVE identifiers are extracted from report text using pattern matching and validated against the standard format (CVE-YYYY-NNNNN). Extracted CVEs are enriched with:
| Field | Description |
|---|---|
| CVE ID | Standard identifier (e.g., CVE-2025-8088) |
| Severity | CVSS-based severity when available |
| EPSS Score | Exploit Prediction Scoring System probability |
| Exploit Status | Whether active exploitation has been observed |
| Related Reports | All platform reports referencing this CVE |
| Associated Threat Actors | Groups known to exploit this vulnerability |
Cross-Report Correlation
Unlike isolated CVE databases, TI Mindmap HUB correlates vulnerabilities across all processed threat reports. Analysts can search for a specific CVE and understand:
- Which reports mention it
- Which threat actors are exploiting it
- What campaigns leverage this vulnerability
- How it relates to other observed IOCs and TTPs
MCP Tools
CVE intelligence is accessible via five dedicated MCP tools:
| Tool | Description |
|---|---|
| `search_cve` | Search for a specific CVE by ID |
| `search_cves_by_keyword` | Search CVEs by keyword |
| `list_cves` | List CVEs with filters (severity, pagination, sorting) |
| `get_cves_by_article` | Get all CVEs from a specific report |
| `get_cve_statistics` | Get aggregate CVE statistics |
STIX Representation
Extracted CVEs are represented as STIX 2.1 Vulnerability objects within the report's STIX bundle:
```json
{
  "type": "vulnerability",
  "spec_version": "2.1",
  "id": "vulnerability--<uuid>",
  "name": "CVE-2025-8088",
  "external_references": [
    {
      "source_name": "cve",
      "external_id": "CVE-2025-8088",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8088"
    }
  ]
}
```
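The extraction step and the STIX mapping described above can be sketched as follows. This is an added example, not TI Mindmap HUB's own code: the function names, the year bounds used for validation, and the handling of Unicode dashes are assumptions made for illustration.

```python
import re
import uuid
from datetime import datetime, timezone

# "CVE", a 4-digit year, then 4 or more digits. The lookbehind rejects matches
# that start inside a longer token; the dash class also accepts the Unicode
# hyphens and dashes (U+2010..U+2015) that PDF and web exports often emit.
CVE_RE = re.compile(
    r"(?<![A-Za-z0-9])CVE[-\u2010-\u2015]([0-9]{4})[-\u2010-\u2015]([0-9]{4,})(?![0-9])",
    re.IGNORECASE,
)
FIRST_CVE_YEAR = 1999  # earliest year that appears in CVE IDs

def extract_cves(text, max_year=None):
    """Return unique, normalized CVE IDs in order of first appearance."""
    max_year = max_year or datetime.now(timezone.utc).year
    found = {}
    for year, seq in CVE_RE.findall(text):
        if FIRST_CVE_YEAR <= int(year) <= max_year:  # drops placeholder IDs
            found[f"CVE-{year}-{seq}"] = True
    return list(found)

def to_stix_vulnerability(cve_id):
    """Build a STIX 2.1 Vulnerability object shaped like the example above."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return {
        "type": "vulnerability",
        "spec_version": "2.1",
        "id": f"vulnerability--{uuid.uuid4()}",
        "created": now,   # created/modified are required on STIX 2.1 SDOs
        "modified": now,
        "name": cve_id,
        "external_references": [{
            "source_name": "cve",
            "external_id": cve_id,
            "url": f"https://nvd.nist.gov/vuln/detail/{cve_id}",
        }],
    }

# Constructed sample text, not taken from a real report.
SAMPLE = (
    "Actors chained CVE-2025-8088 with cve\u20132025\u20138088 (same flaw) "
    "on build 7.13-2025-80880; template text CVE-0000-0000 and "
    "CVE-2025-123 were left in the appendix."
)

if __name__ == "__main__":
    print([to_stix_vulnerability(c) for c in extract_cves(SAMPLE)])
```

On the constructed sample, the version-like string, the placeholder ID, and the three-digit sequence are all rejected, and the two spellings of the same CVE collapse into one entry.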
Known Limitations
- Enrichment lag — Newly published CVEs may lack EPSS or severity data
- Context dependency — Enrichment quality depends on the detail level of the source report
- False positives — Version numbers or other numeric patterns may occasionally be misidentified as CVEs
See Known Limitations for the full list.