End-of-life (EOL) is the stage in a product’s lifecycle when the vendor stops providing normal updates, security patches, and technical support. The software or appliance may still run, but it no longer receives routine fixes for newly discovered vulnerabilities or bugs.
In cyber security, EOL status matters because unpatched systems become easier to exploit and harder to defend. Attackers often scan for outdated VPNs, firewalls, gateways, and other perimeter devices that remain exposed after support ends. Once compromised, these systems can give access to trusted network paths, management interfaces, or internal services. Defenders should track asset lifecycles, retire or replace EOL products, and reduce risk with compensating controls such as strict access restrictions, segmentation, logging, and continuous monitoring.
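The lifecycle tracking described above can be run as a recurring triage over an asset inventory. The following is an added example, not part of the original entry: the inventory fields, the control names, the 180-day planning window, and the scoring weights are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Compensating controls and perimeter device types named in the text above.
REQUIRED_CONTROLS = {"access_restrictions", "segmentation", "logging", "monitoring"}
PERIMETER_ROLES = {"vpn", "firewall", "gateway"}

@dataclass
class Asset:
    name: str
    role: str
    eol: date               # last day of vendor support (assumed meaning)
    internet_exposed: bool
    controls: set = field(default_factory=set)

def triage(assets, today, warn_days=180):
    """Return findings for EOL or soon-to-be-EOL assets, highest risk first."""
    findings = []
    for a in assets:
        days_left = (a.eol - today).days
        if days_left > warn_days:
            continue                      # supported well past the planning window
        status = "eol" if days_left < 0 else "approaching"
        missing = sorted(REQUIRED_CONTROLS - a.controls)
        # Assumed weights: unsupported > perimeter role / exposure > control gaps.
        score = 2 * (a.role in PERIMETER_ROLES) + 2 * a.internet_exposed
        if status == "eol":
            score += 4 + len(missing)     # gaps matter most once patches stop
        findings.append({"asset": a.name, "status": status, "days_left": days_left,
                         "missing_controls": missing, "score": score,
                         "action": "retire or replace" if status == "eol"
                                   else "schedule replacement"})
    return sorted(findings, key=lambda f: (-f["score"], f["asset"]))

# Constructed sample inventory (not real devices).
ALL = set(REQUIRED_CONTROLS)
SAMPLE_INVENTORY = [
    Asset("edge-vpn-01", "vpn", date(2023, 6, 30), True, {"logging"}),
    Asset("core-fw-02", "firewall", date(2024, 5, 1), True, ALL),
    Asset("hr-app-03", "app-server", date(2022, 12, 31), False,
          {"segmentation", "access_restrictions"}),
    Asset("mail-gw-04", "gateway", date(2027, 1, 1), True, ALL),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, today=date(2024, 1, 15)):
        print(f)
```

The exposed, unsupported VPN with only logging in place sorts first; the firewall that is still supported but inside the planning window is listed with a replacement action rather than ignored.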



