An empirical analysis of zero-day vulnerabilities disclosed by the zero day initiative
This work addresses cybersecurity practitioners by providing empirical analysis of zero-day vulnerabilities to enhance organizational preparedness, though it appears incremental as it applies existing methods to new data.
This study analyzed 415 zero-day vulnerabilities disclosed by the Zero Day Initiative in early 2024 to identify trends, severity distributions across vendors, and characteristics predictive of high severity, and explored machine learning approaches for severity classification to support improved patch prioritization and vulnerability management.
Zero-day vulnerabilities represent some of the most critical threats in cybersecurity, as they correspond to previously unknown flaws in software or hardware that are actively exploited before vendors can develop and deploy patches. During this exposure window, affected systems remain defenseless, making zero-day attacks particularly damaging and difficult to mitigate. This study analyzes the Zero Day Initiative (ZDI) vulnerability disclosures reported between January and April 2024, Cole [2025] comprising a total of 415 vulnerabilities. The dataset includes vulnerability identifiers, Common Vulnerability Scoring System (CVSS) v3.0 scores, publication dates, and short textual descriptions. The primary objectives of this work are to identify trends in zero-day vulnerability disclosures, examine severity distributions across vendors, and investigate which vulnerability characteristics are most indicative of high severity. In addition, this study explores predictive modeling approaches for severity classification, comparing classical machine learning techniques with deep learning models using both structured metadata and unstructured textual descriptions. The findings aim to support improved patch prioritization strategies, more effective vulnerability management, and enhanced organizational preparedness against emerging zero-day threats.