VMDR Release 2.7 

October 29, 2025 

New Tokens

The following new tokens are added to Risk Acceptance Rules in VMDR > Responses. 

  • vulnerabilities.nonExploitableService
  • vulnerabilities.vulnerability.category
  • vulnerabilities.vulnerability.title
  • vulnerabilities.qualysPatchable
  • vulnerabilities.vulnerability.patchAvailable
  • gcp.compute.instanceId

QQL Token: Deprecation of the asset.riskScore token

We have deprecated the asset.riskScore QQL token in the current release. For more information about the depreciation of this QQL token, see VMDR Release 0.10.0.

This depreciation has no impact on existing tags created using this token. 

Issue Addressed

The following reported and notable customer issue is fixed in this release.

Category/Component Issue
Vulnerabilities Details 

Clarified CVE Visibility in Understanding the Qualys Vulnerability Score for CVEs topic. 

Previously, the topic did not clearly specify which CVEs are displayed in the different sections of the QID details, leading to confusion about CVE visibility.

The documentation has been updated to clarify that:

  • General Information: Displays all CVEs associated with the QID, including those published by NVD, as well as private or reserved CVEs.
  • CVE Details: Displays only the CVEs that contribute to the QDS/QVS score.

This update helps you better understand which CVEs appear in each section and how they relate to the vulnerability scoring.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: October, 2025