{"id":13555,"date":"2025-07-24T17:51:46","date_gmt":"2025-07-24T14:51:46","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=13555"},"modified":"2025-07-24T17:56:28","modified_gmt":"2025-07-24T14:56:28","slug":"cvss-4-base-evolution","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/cvss-4-base-evolution\/13555\/","title":{"rendered":"All about CVSS: How has vulnerability scoring evolved?"},"content":{"rendered":"<p>This year marks the 20th anniversary of the Common Vulnerability Scoring System (CVSS), which has become a widely accepted standard for describing software vulnerabilities. Despite decades of use and four generations of the standard (it is now at version 4.0), the CVSS scoring rules continue to be misused, and the system itself remains the subject of intense debate. So what do you need to know about CVSS to protect your IT assets effectively?<\/p>\n<h2>CVSS Base Score<\/h2>\n<p>According to <a href=\"https:\/\/www.first.org\/cvss\/v4-0\/faq\" target=\"_blank\" rel=\"nofollow noopener\">its developers<\/a>, CVSS is a tool for describing the characteristics and severity of software vulnerabilities; it is maintained by the Forum of Incident Response and Security Teams (FIRST). CVSS was created to help experts speak a common language about vulnerabilities and to make automated processing of data on software flaws easier. 
Almost every vulnerability published in major vulnerability registries such as <a href=\"https:\/\/www.cve.org\/\" target=\"_blank\" rel=\"nofollow noopener\">CVE<\/a>, <a href=\"https:\/\/euvd.enisa.europa.eu\/\" target=\"_blank\" rel=\"nofollow noopener\">EUVD<\/a> or <a href=\"https:\/\/www.cnnvd.org.cn\/\" target=\"_blank\" rel=\"nofollow noopener\">CNNVD<\/a> includes a severity assessment based on the CVSS scale.<\/p>\n<p>An assessment usually consists of two main parts:<\/p>\n<ul>\n<li>The first is a numerical rating (the CVSS score) showing how severe the vulnerability is on a scale from 0 to 10. A score of 10 means it is an extremely dangerous, critical vulnerability.<\/li>\n<li>The second is a vector: a standardized text string that describes the key characteristics of the vulnerability. 
It includes details such as whether the flaw can be exploited remotely over a network or only locally, whether elevated privileges are required, how complex exploitation is, and which aspects of the vulnerable system (such as availability, integrity or confidentiality) are affected by exploitation.<\/li>\n<\/ul>\n<p>Here is an example using CVE-2021-44228 (Log4Shell), a very serious and actively exploited vulnerability: <strong>Base Score 10.0 (CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H)<\/strong><\/p>\n<p>Let\u2019s unpack that: the attack vector is network-based, attack complexity is low, no privileges are required, no user interaction is needed, the scope indicates that the vulnerability affects other system components, and the impact on confidentiality, integrity and availability is high. Detailed descriptions of each component are available in the <a href=\"https:\/\/www.first.org\/cvss\/v3-1\/user-guide#Scoring-Rubrics\" target=\"_blank\" rel=\"nofollow noopener\">CVSS 3.1<\/a> and <a href=\"https:\/\/www.first.org\/cvss\/v4-0\/user-guide#Scoring-Rubrics\" target=\"_blank\" rel=\"nofollow noopener\">CVSS 4.0<\/a> specifications.<\/p>\n<p>The scoring methodology is an important part of the CVSS system. 
This methodology is also known as the calculator and is available for both <a href=\"https:\/\/www.first.org\/cvss\/calculator\/4.0\" target=\"_blank\" rel=\"nofollow noopener\">4.0<\/a> and <a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1\" target=\"_blank\" rel=\"nofollow noopener\">3.1<\/a>. Once you fill in all the vector components, you automatically get a numerical criticality score.<\/p>\n<p>The original CVSS calculation methodology includes three metric groups: <strong>Base<\/strong>, <strong>Temporal<\/strong> and <strong>Environmental<\/strong>. The first group covers the fundamental, unchanging characteristics of a vulnerability and forms the basis for calculating the CVSS Base Score. The second group includes characteristics that can change over time, such as the availability of published exploit code. The third group is designed for use inside an organization, to account for context-specific factors such as the scope of the vulnerable application or the presence of mitigating security controls in the organization\u2019s infrastructure. In CVSS 4.0, the Temporal metrics have become the <strong>Threat<\/strong> metrics, and a new <strong>Supplemental<\/strong> metric group has been introduced.<\/p>\n<p>Here is how the metrics relate to one another. Software vendors or cybersecurity companies usually assess the Base criticality of a vulnerability (called \u201cCVSS-B\u201d in the 4.0 specification). 
They often also provide an assessment that covers the availability and public disclosure of an exploit (CVSS-BT in 4.0 and Temporal in 3.1). This assessment is a modified Base Score, so CVSS-B can be higher or lower than CVSS-BT. As for the Environmental score (CVSS-BTE), it is calculated within a specific organization on the basis of CVSS-BT, with adjustments for that organization\u2019s particular conditions of using the vulnerable software.<\/p>\n<h2>The evolution of CVSS<\/h2>\n<p>The first two versions of CVSS, published in 2005 and 2007, are almost never used today. Although you can still find old CVSS scores for modern vulnerabilities, CVSS 3.1 (2019) and CVSS 4.0 (2023) are the most common scoring systems. Even so, many software vendors and vulnerability registries are in no hurry to adopt version 4.0 and continue to issue CVSS 3.1 scores.<\/p>\n<p>The core idea behind the first CVSS version was to measure the severity of vulnerabilities through a scoring system. From the start, a distinction was drawn between Base, Temporal and Environmental metrics. 
At that stage, the textual descriptions were loosely formatted and the three metric groups were calculated independently.<\/p>\n<p>CVSS 2.0 introduced a standardized vector string and a new logic: a mandatory, immutable Base score; a Temporal score calculated from the Base score but accounting for changing factors; and an Environmental score used within specific organizations and conditions and derived from the Base or Temporal score.<\/p>\n<p>Versions 3.0 and 3.1 added the concept of Scope (impact on other system components). They also defined the parameters for required privileges and user interaction more precisely, and generalized and refined the values of many parameters. Most importantly, these versions sought to cement the fact that CVSS measures the severity of a vulnerability, not the risks it creates.<\/p>\n<p>In version 4.0, the creators aimed to make the CVSS metric more useful for business-level assessment of how vulnerabilities affect risk. It is still not a risk metric, however. Attack complexity was split into two separate components: attack requirements and attack complexity. 
This highlights the difference between the engineering difficulty inherent in an attack and the external factors or conditions required for the attack to succeed. In practice, this means that a flaw that requires a specific, non-default configuration of the vulnerable product in order to be exploited will have higher attack requirements and therefore a lower overall CVSS score.<\/p>\n<p>The Scope metric, which was often misunderstood and offered only \u201cyes\u201d or \u201cno\u201d options for \u201cimpact on other components\u201d, has been changed. The developers introduced a clearer concept of \u201csubsequent systems\u201d, which indicates which aspect of their operation the vulnerability affects. In addition, a number of supporting indicators have been added. Examples include the automatability of an exploit and the impact of exploitation on people\u2019s physical safety. The formulas themselves have also changed significantly. The influence of the various components on the numerical threat score was reassessed using a large vulnerability database and real-world exploitation data.<\/p>\n<h2>How does CVSS 4.0 change vulnerability prioritization?<\/h2>\n<p>For cybersecurity professionals, CVSS 4.0 aims to be more practical and better suited to today\u2019s realities. 
We face tens of thousands of vulnerabilities, many of which receive high CVSS scores. In many organizations this leads to them being automatically flagged for immediate remediation. The problem is that these lists keep growing, and the average time to fix a vulnerability is <a href=\"https:\/\/www.csoonline.com\/article\/3596697\/kicking-dependency-why-cybersecurity-needs-a-better-model-for-handling-oss-vulnerabilities.html\" target=\"_blank\" rel=\"nofollow noopener\">approaching seven months<\/a>.<\/p>\n<p>When vulnerabilities are <a href=\"https:\/\/www.orangecyberdefense.com\/global\/blog\/cert-news\/impact-of-the-transition-from-the-cvssv3-to-cvssv4-norm\" target=\"_blank\" rel=\"nofollow noopener\">re-scored from CVSS 3.1 to CVSS 4.0<\/a>, the Base Score tends to rise slightly for flaws with a severity between 4.0 and 9.0. For vulnerabilities rated critical under CVSS 3.1, however, the score usually stays the same or even decreases. More importantly, whereas Temporal metrics previously had very little effect on a vulnerability\u2019s numerical rating, the effect of Threat and Environmental metrics is now far greater. Orange Cyberdefense conducted a <a href=\"https:\/\/www.orangecyberdefense.com\/global\/blog\/cert-news\/impact-of-the-transition-from-the-cvssv3-to-cvssv4-norm\" target=\"_blank\" rel=\"nofollow noopener\">study<\/a> to illustrate this. 
Imagine a company that tracks 8000 vulnerabilities, and whose IT and security teams must fix all flaws with a Base CVSS score above 8 within a set time frame. What percentage of these 8000 real-world vulnerabilities falls into this category, with and without taking the public availability of an exploit into account (the Temporal\/Threat adjustment)? The study found that, in its base form, CVSS 4.0 assigns a score of 8 or higher to a larger share of vulnerabilities (33% compared with 18% in version 3.1). When adjusted for exploit availability, however, this number drops significantly, leaving fewer truly critical flaws to prioritize (8% versus 10%).<\/p>\n<h2>Critical, High and everything in between<\/h2>\n<p>What is the difference between a \u201cCritical\u201d vulnerability and one that is merely dangerous? A text-based severity rating is part of the specification, but it is not always required in a vulnerability description:<\/p>\n<ul>\n<li>Low severity: 0.1\u20133.9<\/li>\n<li>Medium severity: 4.0\u20136.9<\/li>\n<li>High severity: 7.0\u20138.9<\/li>\n<li>Critical severity: 9.0\u201310.0<\/li>\n<\/ul>\n<p>In practice, many software vendors take a creative approach to these text descriptions. 
They may change the names or add their own assessments and factors that are not part of CVSS. A typical example is Microsoft\u2019s June Patch Tuesday (specifically <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-33064\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2025-33064<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-32710\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2025-32710<\/a>). The first is described as \u201cImportant\u201d and the second as \u201cCritical\u201d, yet their CVSS 3.1 scores are 8.8 and 8.1 respectively.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>We take a look at the Common Vulnerability Scoring System: we explain what it is for, how it is used in practice, and why the Base Score is only the beginning of vulnerability assessment, 
not the end.<\/p>\n","protected":false},"author":2722,"featured_media":13557,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2796,2795,790,519,2475,2377],"class_list":{"0":"post-13555","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-ciso","10":"tag-cvss","11":"tag-guvenlik-aciklari","12":"tag-ipuclari-2","13":"tag-strateji","14":"tag-yamalar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cvss-4-base-evolution\/13555\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/cvss-4-base-evolution\/12577\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cvss-4-base-evolution\/28320\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cvss-4-base-evolution\/31157\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cvss-4-base-evolution\/29830\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cvss-4-base-evolution\/40086\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cvss-4-base-evolution\/53825\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cvss-4-base-evolution\/22979\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cvss-4-base-evolution\/24009\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cvss-4-base-evolution\/32432\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cvss-4-base-evolution\/29378\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik 
a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/13555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=13555"}],"version-history":[{"count":11,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/13555\/revisions"}],"predecessor-version":[{"id":13568,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/13555\/revisions\/13568"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/13557"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=13555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=13555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=13555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}