diff --git a/content/en/docs/control-center/security/software-composition/components.md b/content/en/docs/control-center/security/software-composition/components.md index 9fd0f9319c2..455dacab2e8 100644 --- a/content/en/docs/control-center/security/software-composition/components.md +++ b/content/en/docs/control-center/security/software-composition/components.md 
@@ -86,9 +86,30 @@ The finding list contains the following information: * Deprecated components: The current date - The date when the component was deprecated * Outdated components: The current date - The publish date of the first higher runtime compatible version + * Vulnerable components: The number of days since the date when the CVSS score was computed * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options. +#### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score 3.1** and **CVSS Score 4.0** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + * **Publisher** – The entity that published the component affected by this finding. + * **Apps using component** – The number of apps where the vulnerable component is used. Click **View Component Usage** to see a list of affected apps. 
+ ### Component Usage {#component-component-usage} The **Component Usage** tab displays a detailed view of all apps and environments where the component is used. diff --git a/content/en/docs/control-center/security/software-composition/overview.md b/content/en/docs/control-center/security/software-composition/overview.md index 75f2cd8d1f5..ed17846b5c7 100755 --- a/content/en/docs/control-center/security/software-composition/overview.md +++ b/content/en/docs/control-center/security/software-composition/overview.md 
@@ -105,7 +105,27 @@ The finding list contains the following information: * **Deprecated since version publish date** — The release date of the version when the component became deprecated. * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options. -### Component Usage {#overviw-component-usage} +#### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score 3.1** and **CVSS Score 4.0** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + * **Publisher** – The entity that published the component affected by this finding. + * **Apps using component** – The number of apps where the vulnerable component is used. Click **View Component Usage** to see a list of affected apps. + +### Component Usage {#overview-component-usage} The **Component Usage** tab displays a detailed view of all components used within the app. 
diff --git a/content/en/docs/control-center/security/software-composition/scoring-criteria.md b/content/en/docs/control-center/security/software-composition/scoring-criteria.md index 2837434b21f..cca60c1c460 100644 --- a/content/en/docs/control-center/security/software-composition/scoring-criteria.md +++ b/content/en/docs/control-center/security/software-composition/scoring-criteria.md @@ -14,14 +14,20 @@ Scoring criteria reflect your company's risk preference. The settings on this tab determine how each such vulnerability is calculated for apps, environments, and components. -{{< figure src="/attachments/control-center/security/software-composition/scoring_criteria.png" >}} +{{< figure src="/attachments/control-center/security/software-composition/scoring_criteria_complete.png" >}} The default values are strict, but you can adjust them to reflect the practice of your company. -## Finding Types +## Finding Types {#finding-types} The types of findings that you can adjust for are **Outdated** and **Deprecated**. +### Vulnerable + +A finding is generated when a component is published on the [Security Advisories](/releasenotes/security-advisories/) page, and is assigned a specific CVSS score. CVSS scores are based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework, and cannot be orverriden. + +You can choose the combination of CVSS range and severity for which you want a component to be marked as vulnerable. + ### Outdated A finding is generated when a component becomes outdated, meaning when a new runtime compatible version is published to the Mendix Marketplace. diff --git a/content/en/docs/deployment/general/software-composition.md b/content/en/docs/deployment/general/software-composition.md index ebe4a4bffaa..4714593bf45 100644 --- a/content/en/docs/deployment/general/software-composition.md +++ b/content/en/docs/deployment/general/software-composition.md 
@@ -114,7 +114,26 @@ Different versions of Studio Pro support different component dependencies. For d The page is divided into two tabs: **Findings** and **Component Usage**. For details on the available fields, refer to the Control Center documentation: * [Findings](/control-center/overview-tab/#overview-findings) -* [Component Usage](/control-center/overview-tab/#overviw-component-usage) +* [Component Usage](/control-center/overview-tab/#overview-component-usage) + +#### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score 3.1** and **CVSS Score 4.0** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + * **Publisher** – The entity that published the component affected by this finding. ## Components {#all-components} 
@@ -203,6 +222,24 @@ The finding list contains the following information: * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options. +##### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score 3.1** and **CVSS Score 4.0** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + #### Component Usage {#component-component-usage} The **Component Usage** tab displays a detailed view of all environments where the component is used. diff --git a/content/en/docs/releasenotes/control-center/_index.md b/content/en/docs/releasenotes/control-center/_index.md index b098199db22..b3cac79fdf2 100644 --- a/content/en/docs/releasenotes/control-center/_index.md +++ b/content/en/docs/releasenotes/control-center/_index.md 
@@ -14,6 +14,13 @@ To see the current status of the Mendix Control Center, see [Mendix Status](http ## 2025 +### December 18, 2025 + +#### New Features + +* Software Composition is now enhanced with the ability to view details on components marked as **Vulnerable**. This is available on the [Overview](/control-center/overview-tab/#finding-and-component-details) and the [Components](/control-center/components-tab/#finding-and-component-details) tabs of **Software Composition**, and provides valuable information about the severity and CVSS score of the finding. + This release also includes a new finding type on the [Scoring Criteria](/control-center/scoring-criteria-tab/#vulnerable) tab, namely **Vulnerable**. + ### December 14, 2025 #### New Features diff --git a/content/en/docs/releasenotes/deployment/mendix-cloud.md b/content/en/docs/releasenotes/deployment/mendix-cloud.md index e8601086a0c..23ec70b8230 100644 --- a/content/en/docs/releasenotes/deployment/mendix-cloud.md +++ b/content/en/docs/releasenotes/deployment/mendix-cloud.md @@ -16,6 +16,12 @@ For information on the current status of deployment to Mendix Cloud and any plan ## 2025 +### December 18, 2025 + +#### New Features + +* Software Composition is now enhanced with the ability to view details on components marked as **Vulnerable**. This is available on the **Overview** and the **Components** tabs of [Software Composition](/developerportal/deploy/software-composition/), and provides valuable information about the severity and CVSS score of the finding. + ### December 14, 2025 #### Improvements diff --git a/layouts/partials/landingpage/latest-releases.html b/layouts/partials/landingpage/latest-releases.html index f8bcfd4c736..fe9efd27fb5 100644 --- a/layouts/partials/landingpage/latest-releases.html +++ b/layouts/partials/landingpage/latest-releases.html @@ -14,6 +14,6 @@
December 14, 2025
+December 18, 2025
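Review bot: In the `components.md` hunk, the new heading `#### Finding and Component Details` has no explicit anchor, yet the Control Center release note in this same patch links to `/control-center/components-tab/#finding-and-component-details`, and the neighbouring headings in this file carry explicit ids (`### Component Usage {#component-component-usage}`). Add `{#finding-and-component-details}` so the link does not depend on the generated slug. Two wording issues in the same block: `**Components Details**` should read `**Component Details**` to match `**Finding Details**`, and `**Created on** – The date when the component was created` sits under Finding Details but is defined in terms of the component; state whether it is the finding's creation date or the component's.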
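Review bot: In the `overview.md` hunk, renaming the anchor from `{#overviw-component-usage}` to `{#overview-component-usage}` is a correct fix, but it breaks any inbound link that still uses the old slug; only `deployment/general/software-composition.md` is updated here, so grep the rest of the content tree for `overviw-component-usage` before merging. Separately, the 20-line "Finding and Component Details" block is now pasted verbatim into four files (`components.md`, `overview.md`, and twice in `deployment/general/software-composition.md`); if the site supports shared snippets or partials, a single source would keep the field definitions from drifting, and if not, at least note in the PR which copy is canonical.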
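Review bot: In the `scoring-criteria.md` hunk, the added `### Vulnerable` section is introduced directly under the unchanged sentence `The types of findings that you can adjust for are **Outdated** and **Deprecated**.`, which is now wrong; extend it to list **Vulnerable** as well, since the release note in this patch announces it as a new finding type on this tab. Fix the typo `cannot be orverriden` to `cannot be overridden`. The figure shortcode now points at `scoring_criteria_complete.png`; confirm the new attachment is part of this change set and that the old `scoring_criteria.png` is either removed or still referenced elsewhere.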
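Review bot: In the first `deployment/general/software-composition.md` hunk, the copy of the details block omits `**Apps using component**`, which is reasonable for an app-scoped page, but the second hunk in the same file drops `**Publisher**` too, leaving only `Current Version` and `Type`. If the component view on this page really shows fewer fields, say so; otherwise align both copies with the Control Center list. Also, this file now contains two headings with the identical text `Finding and Component Details` (one `####`, one `#####`) and neither has an explicit id, so Hugo will generate two near-identical anchors; give each a distinct `{#...}` id.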
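Review bot: In the `releasenotes/control-center/_index.md` hunk, the second sentence of the bullet, `+ This release also includes a new finding type ...`, is indented by a single space, so Markdown will either merge it into the preceding sentence as a lazy continuation or, with some renderers, start a new paragraph outside the list. Indent it to align with the bullet text (and add a blank line if a separate paragraph is intended). The bullet also links to `/control-center/overview-tab/#finding-and-component-details` and `/control-center/components-tab/#finding-and-component-details`, both of which rely on generated anchors for headings that this patch does not give explicit ids; pair this with the anchor fix in the doc pages.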