Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company has implemented processes to assess, identify and manage material risks resulting from cybersecurity incidents. Our Cybersecurity program and processes are based upon the International Standards Organization (“ISO”) guidance on information security. The Company’s processes used to identify, assess, and mitigate cybersecurity risks are integrated into the Company’s broader risk management system and processes, including through the risk management activities of the Board and its Audit Committee, our Enterprise Risk Management Committee (“ERM Committee”), and our internal audit and information technology functions. Refer to Part I, Item 1A, “Risk Factors—We are subject to cybersecurity risks and may experience cyber incidents resulting in disruption or harm to our businesses” of this Report for further discussion of our processes for managing cybersecurity risks.

Board Oversight of Cybersecurity Matters

The Board considers oversight of CVR Energy’s risks and risk management activities, including those related to cybersecurity risk, to be a responsibility of the entire Board. The Board also delegates certain risk oversight responsibilities to certain of its committees, and oversight of the Company’s cybersecurity risk is delegated by the Board to its Audit Committee. The Audit Committee receives regular reports, typically on a quarterly basis, from management regarding information technology, cybersecurity risk, AI use and governance, and efforts to prevent and mitigate such risks. The Chairperson of the Audit Committee subsequently reports on these activities to the full Board, which equips the Board and its committees to fulfill their risk oversight role.

The Board and Audit Committee are supported in their oversight capacity by the Company’s ERM Committee, and internal audit and information technology functions. On a quarterly basis, the ERM Committee evaluates past, existing, and future risks to the Company; the likelihood, severity, and velocity of such risks; and the controls and mitigation tools implemented to address such risk. Several members of the ERM Committee have functional responsibility for the Company’s information technology and cybersecurity risk monitoring activities and provide expertise to the ERM Committee in those areas.

Likewise, the Company’s internal audit function periodically performs audit engagements focused on information technology processes and cybersecurity risks. These audits have provided the Company with assessments of the effectiveness and efficiency of our information technology and cyber threat management processes with the goal of safeguarding Company assets and information.

Management of Cybersecurity Matters

At the management level, the Company’s cybersecurity risk management activities are led by our Chief Executive Officer and his executive team and are integrated into the day-to-day activities of the Company’s information technology function led by our Chief Information Officer, who operates under the supervision of our Chief Financial Officer, and reports regularly to the Audit Committee on cybersecurity risks, typically on a quarterly basis. The Company’s information technology function has a dedicated cybersecurity team comprised of employees with, on average, nearly 20 years of experience and expertise in cybersecurity, and includes individuals with degrees in Computer Studies and cybersecurity-related certifications including Certified Information Systems Security Specialist (CISSP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Security Manager (CISM).

Management utilizes certain tools and controls to detect, monitor, prevent, mitigate, and remediate cybersecurity threats to our systems, networks, applications, and data. Management also conducts annual cybersecurity training and periodic phishing tests, which provide contemporaneous feedback and instruction to our employees and seek to strengthen the Company’s defenses against cyber threats. Management also monitors AI usage and has implemented a framework that tracks use and is governed by CVR Energy’s Artificial Intelligence Policy, which was most recently updated in 2024, and includes a review and approval process for adopting use of AI tools. Such governance activities are designed to mitigate the risks presented by AI. Lastly, management maintains information security incident response processes to guide response and mitigate impact in the event of a cybersecurity incident. A third-party cybersecurity service provider is on retainer to assist the Company should a cybersecurity incident occur.

Engagement of Third Parties

The ERM Committee, internal audit function, information technology function and various other groups each occasionally engage third-party service providers to assist in their management of cybersecurity risk, including but not limited to cybersecurity vendors, assessors, consultants, auditors, and other third parties. The information technology function maintains processes to oversee and identify cyber risks associated with the Company’s use of third-party service providers who may have access to sensitive Company data and systems.

Material Impact on Company

During 2024, the Company did not experience any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Company has implemented processes to assess, identify and manage material risks resulting from cybersecurity incidents. Our Cybersecurity program and processes are based upon the International Standards Organization (“ISO”) guidance on information security. The Company’s processes used to identify, assess, and mitigate cybersecurity risks are integrated into the Company’s broader risk management system and processes, including through the risk management activities of the Board and its Audit Committee, our Enterprise Risk Management Committee (“ERM Committee”), and our internal audit and information technology functions.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board considers oversight of CVR Energy’s risks and risk management activities, including those related to cybersecurity risk, to be a responsibility of the entire Board. The Board also delegates certain risk oversight responsibilities to certain of its committees, and oversight of the Company’s cybersecurity risk is delegated by the Board to its Audit Committee. The Audit Committee receives regular reports, typically on a quarterly basis, from management regarding information technology, cybersecurity risk, AI use and governance, and efforts to prevent and mitigate such risks. The Chairperson of the Audit Committee subsequently reports on these activities to the full Board, which equips the Board and its committees to fulfill their risk oversight role.

The Board and Audit Committee are supported in their oversight capacity by the Company’s ERM Committee, and internal audit and information technology functions. On a quarterly basis, the ERM Committee evaluates past, existing, and future risks to the Company; the likelihood, severity, and velocity of such risks; and the controls and mitigation tools implemented to address such risk. Several members of the ERM Committee have functional responsibility for the Company’s information technology and cybersecurity risk monitoring activities and provide expertise to the ERM Committee in those areas.

Likewise, the Company’s internal audit function periodically performs audit engagements focused on information technology processes and cybersecurity risks. These audits have provided the Company with assessments of the effectiveness and efficiency of our information technology and cyber threat management processes with the goal of safeguarding Company assets and information.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board also delegates certain risk oversight responsibilities to certain of its committees, and oversight of the Company’s cybersecurity risk is delegated by the Board to its Audit Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives regular reports, typically on a quarterly basis, from management regarding information technology, cybersecurity risk, AI use and governance, and efforts to prevent and mitigate such risks. The Chairperson of the Audit Committee subsequently reports on these activities to the full Board, which equips the Board and its committees to fulfill their risk oversight role.
Cybersecurity Risk Role of Management [Text Block]
Management of Cybersecurity Matters

At the management level, the Company’s cybersecurity risk management activities are led by our Chief Executive Officer and his executive team and are integrated into the day-to-day activities of the Company’s information technology function led by our Chief Information Officer, who operates under the supervision of our Chief Financial Officer, and reports regularly to the Audit Committee on cybersecurity risks, typically on a quarterly basis. The Company’s information technology function has a dedicated cybersecurity team comprised of employees with, on average, nearly 20 years of experience and expertise in cybersecurity, and includes individuals with degrees in Computer Studies and cybersecurity-related certifications including Certified Information Systems Security Specialist (CISSP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Security Manager (CISM).
Management utilizes certain tools and controls to detect, monitor, prevent, mitigate, and remediate cybersecurity threats to our systems, networks, applications, and data. Management also conducts annual cybersecurity training and periodic phishing tests, which provide contemporaneous feedback and instruction to our employees and seek to strengthen the Company’s defenses against cyber threats. Management also monitors AI usage and has implemented a framework that tracks use and is governed by CVR Energy’s Artificial Intelligence Policy, which was most recently updated in 2024, and includes a review and approval process for adopting use of AI tools. Such governance activities are designed to mitigate the risks presented by AI. Lastly, management maintains information security incident response processes to guide response and mitigate impact in the event of a cybersecurity incident. A third-party cybersecurity service provider is on retainer to assist the Company should a cybersecurity incident occur.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] At the management level, the Company’s cybersecurity risk management activities are led by our Chief Executive Officer and his executive team and are integrated into the day-to-day activities of the Company’s information technology function led by our Chief Information Officer, who operates under the supervision of our Chief Financial Officer, and reports regularly to the Audit Committee on cybersecurity risks, typically on a quarterly basis.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Company’s information technology function has a dedicated cybersecurity team comprised of employees with, on average, nearly 20 years of experience and expertise in cybersecurity, and includes individuals with degrees in Computer Studies and cybersecurity-related certifications including Certified Information Systems Security Specialist (CISSP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Security Manager (CISM).
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] At the management level, the Company’s cybersecurity risk management activities are led by our Chief Executive Officer and his executive team and are integrated into the day-to-day activities of the Company’s information technology function led by our Chief Information Officer, who operates under the supervision of our Chief Financial Officer, and reports regularly to the Audit Committee on cybersecurity risks, typically on a quarterly basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true