VMDR Release 2.5 

July 24, 2025 

Reports Tab Renamed to VMDR Prioritization

The Reports tab in Prioritization has been renamed to VMDR Prioritization to provide a clearer distinction between prioritization methods.

This rename helps differentiate between two types of VMDR vulnerability prioritization:

  • Filter-based prioritization using criteria such as Age, Real-Time Threat Indicators (RTI), and Attack Surface.
  • Qualys TruRisk prioritization using the Qualys TruRisk methodology.

New Sections Added to VMDR Prioritization

The VMDR Prioritization tab now includes two sections to help you better manage your reports and schedules.

Reports (Old Tab)
Contains all the familiar functionality from the previous Reports tab. Everything works exactly the same.

You can:

  • View, download, and rerun saved reports created from the Save And Download Report window.
  • Start prioritizing vulnerabilities. 

Schedules (New Section)
Manage your automated report schedules.

You can:

  • View and download, in the Schedules section, the reports that you scheduled from the Save And Download Report window.
  • Pause or delete active schedules.
  • Delete completed schedules.
  • Bulk delete schedules.

Schedule Report 

You can schedule reports as part of the enhanced Save And Download Report functionality. Reports are automatically generated and the latest version is saved in the Schedules section, with each new report overriding the previous one. This eliminates the need for manual intervention on recurring reporting tasks.

You can also configure notifications to receive reports directly via email.

Scheduling Options

When scheduling a report, you can:

  • Choose between single occurrence or recurring schedules.
  • Set specific dates and times for report execution.
  • Gain greater control over when and how frequently your reports run.

This enhancement provides the flexibility to schedule reports exactly when you need them, whether for one-time analysis or regular reporting cycles.

To schedule a report, go to VMDR Prioritization > Reports > click Start Prioritizing > select asset tags > click Prioritize Now > Save & Download > scroll to Set a Schedule for this Report and toggle it on.

For more information, see Prioritize your Vulnerabilities.

New Icon for Pending CVE Mitigations on the Vulnerabilities Listing Page

We have added a new icon to the Vulnerabilities Listing page to indicate when some CVEs under a vulnerability are still pending mitigation.

Previously, a vulnerability or detection was not marked as “Mitigated” if:

  • Even one CVE remained unmitigated, regardless of its contribution level.
  • The highest contributing CVE was mitigated, but another CVE became the new top contributor and remained unmitigated.

This enhancement provides a clearer visual cue to highlight such scenarios, helping users better understand partial or incomplete mitigation states.

Rule Creation Limit Increased

The limit for creating rules has been increased from 15 to 30. This improvement was made in response to customer requests for better support of complex and large-scale global operations.

New Token

To view vulnerabilities that are mitigable, use this token.

Token: vulnerabilities.qualysMitigableType

Description: Use the values fix or mitigate to view vulnerabilities based on the type of mitigation that Qualys can recommend or facilitate.

Example: Show all fix vulnerabilities

vulnerabilities.qualysMitigableType:FIX

Issues Addressed

The following reported and notable customer issues are fixed in this release.

Category/Component: Widgets

  • We fixed an issue that caused the TruRisk Score to change unexpectedly on the Trending widget.
  • We have fixed an issue where a sudden drop in the vulnerability count trend line was being incorrectly displayed in the widget.

This fix will be included in the Qualys Enterprise TruRisk™ Platform 3.21.1.0 release.

Category/Component: Save and Download Prioritization Report

  • We fixed an issue that caused an error during the downloading of Prioritization Reports. This error occurred when an asset could not be tracked by its IP address. The relevant code has been updated to correctly handle these situations, ensuring smooth report generation.