• 2 min read
Kaspersky launches VM platform with 370,000 flaw records
Kaspersky has commercially launched Kaspersky VM, a vulnerability management platform for companies with 10+ devices and a database of over 370,000 flaw descriptions.

Image: kod
Kaspersky has commercially launched Kaspersky Vulnerability Management, or Kaspersky VM, as companies face a sharp rise in disclosed security flaws. The backdrop is stark: 48,244 new CVE entries were added in 2025, up from 40,077 a year earlier, while critical vulnerabilities take an average of 55 days to close, and every third attack begins with vulnerability exploitation, according to the source article.
The product targets organizations with fleets of 10 devices or more and is designed to centralize several jobs that are often split across separate tools: asset inventory, risk prioritization, configuration control, and patch management. In practice, Kaspersky is pitching a workflow of find, assess, fix, and verify, rather than another dashboard full of alerts.
What Kaspersky VM does
Kaspersky VM operates in two modes:

Recommended reading
Apple Pulled a Signed Mac App Tied to CrashStealer
- Agent-based: uses existing Kaspersky agents already installed on servers and workstations, without deploying additional software
- Network-based: scans devices without agents by analyzing open ports and services
According to the source, the platform supports:
- vulnerability discovery across Windows and Linux infrastructure
- inventory of devices, operating systems, and installed software
- risk prioritization based on identified weaknesses
- configuration checks against FSTEC profiles No. 17, No. 21, No. 31, and No. 239
- patch management from detection through remediation verification
- integration with Kaspersky Security Center and Kaspersky SIEM
- an open API for data exchange with external systems
Kaspersky is also emphasizing the platform’s knowledge base. It includes more than 370,000 vulnerability descriptions, with over 365,000 tied to CVE and more than 90,000 sourced from the FSTEC database. For compliance checks, the system offers more than 600 rules covering industry standards and internal security requirements.
Certification will matter
The launch comes into a crowded market that already includes scanners and patch-management products such as MaxPatrol VM from Positive Technologies and vulnerability management offerings in the R-Vision and Solar ecosystems.
Kaspersky VM is now being prepared for FSTEC certification and inclusion in the Russian Ministry of Digital Development’s domestic software registry. For large companies and public-sector buyers, those approvals can be decisive, since they often determine whether a new security product makes it into procurement pipelines beyond a vendor’s existing customer base.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via ITzine


