In a world where software systems are becoming increasingly complex and cyberattacks are rising in both scale and frequency, it remains rare for a Vietnamese enterprise to be formally recognized for its capability to detect and report security vulnerabilities according to international standards. In 2025, the Information Security Engineering Team of HPT Vietnam Corporation (HPT) achieved a remarkable milestone when 35 CVEs discovered by the team were officially acknowledged by global technology vendors and the CVE authority. This accomplishment demonstrates HPT’s deep analytical and exploitation capabilities and marks the maturity of a young engineering team working in a domain that demands extensive expertise and strict discipline.

Sharing about the research journey, Mr. Nguyen Thanh Nam – Deputy CEO and Director of HPT Security Center – said: “We started with the goal of gaining deeper insight into the structure of widely used platforms, and then expanded our research into more complex systems. The deeper we went, the more critical vulnerabilities we discovered—issues that could significantly affect the real-world operations of enterprises.”

It is precisely this passion for learning and the desire to enhance technical capability that motivated HPT’s information security engineers to maintain a high research intensity over many months, including outside of regular working hours.

From PHP Gurukul to Oracle and Swift: Platforms That Demand Deep Core Analysis

Among the 35 CVEs , many were found in WordPress and PHP Gurukul—frameworks that rank among the most widely used in the world. However, what truly captured the attention of the cybersecurity community was the recognition of vulnerabilities on Oracle Financial and the Swift international money transfer system. These platforms feature highly sophisticated security architectures and are typically accessible only to teams with significant, in-depth experience. Working on banking or interbank transfer systems requires the ability to carefully understand system architecture and assess risks at the business process level.

A lesser-known fact is that international technology vendors often maintain extremely strict validation processes. Engineering teams must provide clear exploitation evidence and accurately describe the full impact scope. In many cases, even after a report is submitted, vendors request further clarification or re-evaluate the severity. Some vulnerabilities took more than half a year to be officially recognized. HPT’s engineering team continuously refined and updated their technical explanations so that vendors could correctly understand the nature of each issue.

CVEs discovered by HPT recognized on Oracle’s official security page

A Young Engineering Team Elevating HPT’s Cybersecurity Position

HPT’s engineering team includes many young members who nonetheless possess strong expertise in source-code analysis, system architecture, and security exploitation. Their methodical approach, systematic analysis, and the ability to develop custom proof-of-concept exploits have become the foundation for consistent results. Being listed on the official security advisory pages of Oracle—where previously most contributors were international research groups—is clear evidence of HPT’s professional standing in cybersecurity.

Beyond technical success, the research outcomes deliver significant strategic value for HPT. As enterprises increasingly prioritize cybersecurity, the fact that a Vietnamese technology provider is recognized on the global CVE map greatly enhances HPT’s credibility in projects that require strict security standards.

Illustrative image

HPT considers this achievement an important foundation for expanding its market presence and pursuing the ambition of becoming one of the Top 50 global CVE-contributing vendors under MITRE. This goal reflects the company’s long-term strategic vision and its commitment to building a strong position in the field of information security. HPT will continue to focus on global-scale platforms, deepen its analysis of core architectures, and expand its research into emerging technologies. In a cybersecurity landscape that changes rapidly, HPT’s objective is not only to increase the number of CVEs but to deliver meaningful contributions that create real impact for the security community.

With a strong learning mindset, persistence, and solid technical capabilities, HPT’s young engineering team is playing an increasingly visible role in the global security ecosystem. The achievement of 35 CVEs is more than just a number—it marks the emergence of a new generation of Vietnamese cybersecurity professionals ready to compete and contribute on the international stage.