Zero-Day

A vulnerability being exploited in the wild before the vendor has released a patch (zero days of warning).

A zero-day (0-day) is a vulnerability for which no patch exists at the time of exploitation. The name reflects the defender's lead time: zero days to prepare before attacks begin. Zero-day exploits are valuable, traded on commercial markets and government stockpiles, and typically reserved for high-value targets to avoid burning the capability. CISA's Known Exploited Vulnerabilities (KEV) catalog tracks confirmed in-the-wild exploitation and sets remediation deadlines for US federal agencies. A vulnerability stops being a zero-day once a patch is published, even if many systems remain unpatched.

Reference

CISA Known Exploited Vulnerabilities Catalog

Related terms

CVE
CVSS

Referenced on

How to Report Network Security Incidents to a CERT Team: Templates for Vulnerability Exploitation and Intrusions

Back to the full glossary