Zero-day vulnerability

A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its developers or anyone capable of mitigating it.^[1] Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.^[2]^[3]

The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them.^[4]^[5]^[6] Vendors who discover the vulnerability may create patches or advise workarounds to mitigate it – though users need to deploy that mitigation to eliminate the vulnerability in their systems. Zero-day attacks are severe threats.^[7]

^ Guo, Mingyu; Wang, Guanhua; Hata, Hideaki; Babar, Muhammad Ali (2021-07-01). "Revenue maximizing markets for zero-day exploits". Autonomous Agents and Multi-Agent Systems. 35 (2): 36. arXiv:2006.14184. doi:10.1007/s10458-021-09522-w. ISSN 1387-2532. S2CID 254225904.
^ Compare: "What is a Zero-Day Vulnerability?". pctools. Symantec. Archived from the original on 2017-07-04. Retrieved 2016-01-20. A zero day vulnerability refers to an exploitable bug in software that is unknown to the vendor. This security hole may be exploited by crackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
^ Khandelwal, Abhi; Mahato, Dharmendra Prasad (2024). "Zero-Day Exploits Framework of Supply Chain Networks". Advanced Network Technologies and Intelligent Computing. Vol. 2090. Cham: Springer Nature Switzerland. p. 319–335. doi:10.1007/978-3-031-64076-6_21. ISBN 978-3-031-64075-9. Retrieved 2025-06-17. Zero-Day Exploits: It is difficult to detect and mitigate zero-day vulnerabilities that are unknown to suppliers. Attackers can exploit these vulnerabilities before security fixes are released.
^ Zetter, Kim (Nov 11, 2014). "Hacker Lexicon: What Is a Zero Day?". Wired.
^ "Where the term "Zero Day" comes from - mmmm". 2018-01-31. Archived from the original on 2018-01-31. Retrieved 2021-09-05.
^ "Flash Vulnerabilities Causing Problems". ESET. Archived from the original on March 4, 2016. Retrieved Mar 4, 2016.
^ The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight published on November 2, 2011

[1] Guo, Mingyu; Wang, Guanhua; Hata, Hideaki; Babar, Muhammad Ali (2021-07-01). "Revenue maximizing markets for zero-day exploits". Autonomous Agents and Multi-Agent Systems. 35 (2): 36. arXiv:2006.14184. doi:10.1007/s10458-021-09522-w. ISSN 1387-2532. S2CID 254225904.

[2] Compare: "What is a Zero-Day Vulnerability?". pctools. Symantec. Archived from the original on 2017-07-04. Retrieved 2016-01-20. A zero day vulnerability refers to an exploitable bug in software that is unknown to the vendor. This security hole may be exploited by crackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.

[e168-3] Khandelwal, Abhi; Mahato, Dharmendra Prasad (2024). "Zero-Day Exploits Framework of Supply Chain Networks". Advanced Network Technologies and Intelligent Computing. Vol. 2090. Cham: Springer Nature Switzerland. p. 319–335. doi:10.1007/978-3-031-64076-6_21. ISBN 978-3-031-64075-9. Retrieved 2025-06-17. Zero-Day Exploits: It is difficult to detect and mitigate zero-day vulnerabilities that are unknown to suppliers. Attackers can exploit these vulnerabilities before security fixes are released.

[4] Zetter, Kim (Nov 11, 2014). "Hacker Lexicon: What Is a Zero Day?". Wired.

[5] "Where the term "Zero Day" comes from - mmmm". 2018-01-31. Archived from the original on 2018-01-31. Retrieved 2021-09-05.

[6] "Flash Vulnerabilities Causing Problems". ESET. Archived from the original on March 4, 2016. Retrieved Mar 4, 2016.

[7] The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight published on November 2, 2011

[1]

[2]

[3]

[4]

[5]

[6]

[7]