New ASM Features and Improvements | November 2025
Oliver Sanders
5 December 2025
The development team has been busy again this month, with a focus on how you assess risk and manage your seed data. Here’s a look at what’s new in Hexiosec ASM this July:
Additionally, I joined Hexiosec in July as a Junior Software Engineer! Although it’s only been a month I’ve contributed quite a few features in this blog 😊. Grateful for the team’s support, and excited for what’s ahead in Hexiosec ASM!
One of the most visible additions this month is the inclusion of EPSS data throughout Hexiosec ASM. EPSS stands for Exploit Prediction Scoring System and is a set of CVE metrics produced by the Forum of Incident Response Teams (FIRST).
EPSS scores and percentiles show you insight into how likely a CVE is to experience exploitation activity in the next 30 days, and how it ranks across all known CVEs. The score updates regularly and will be refreshed every time a scan runs.
EPSS data can be viewed on the Risks page via the new EPSS score and optional percentile columns, and by expanding the row on vulnerability risks and selecting the EPSS tab. The value in the EPSS column can also be clicked as a shortcut to this tab.

There is also a new Vulnerabilities widget on the Overview page which features EPSS scores alongside severity and an indicator of known exploits, giving you a high-level view before drilling down into the scan results.

The Actions page features a maximum EPSS score alongside Actions that relate to resolving vulnerabilities, such as component updates.
For more information, you can read our documentation on EPSS scoring.
The introduction of EPSS data is designed to help you prioritise CVEs, particularly when faced with a long list of known vulnerabilities. Coming soon to our website is a blog about how to use Hexiosec ASM and EPSS results to prioritise remediations, look out for this on our website and LinkedIn.
Continuous scans will receive up-to-date EPSS scores automatically, but scans last run before July 2024 won’t include EPSS results, unless they are rescanned. As with all scan results, the EPSS results shown in scans reflect the EPSS scores and other data at the time the scan was run.
EPSS scoring is not available to all tiers, please contact us if you would like to discuss adding this feature to your Hexiosec ASM account.
We’ve introduced a faster way to work with seeds: you can now add multiple seeds at once. The updated seed input form supports common delimiters, making it easier to paste in from your existing tooling or spreadsheets. To keep things easier to find, the seed management has moved from the bottom of the scan overview page to a new home under Settings → Seeds.

In its place on the Overview page is a simplified summary widget that displays your currently configured seeds.

We’ve added an optional column to the Scans page that shows the next scheduled scan time. This is particularly useful if you’re working with recurring scans and want quick confirmation of when a scan will update next.
The time shown will reflect what you already see in the sidebar when you explore a specific scan — if you’d like to include the next run date it can be enabled in the table options.

We’ve also made some quality-of-life improvements to the Risks graph:
These filters give a better contextual timeframe to quickly see last week’s results, or view an entire historical timeline of the risks.


As part of our continued improvements to Hexiosec ASM, we’ve updated our Content Security Policy (CSP) checks. The platform now includes checks for the ‘unsafe-hashes’ directive, providing deeper insight into CSP configurations.
Additionally:
These changes ensure that Hexiosec ASM provides more relevant and actionable information, aligning with current CSP best practices, an in-depth blog regarding CSP changes is coming soon.
We’ve added an optional column “Due Date” to the Actions page, which allows you to see when a particular action is due.

We’re working on features to bring new functionality to Hexiosec ASM, which include: