As many as 159 CVE identifiers have been flagged as exploited within the wild within the first quarter of 2025, up from 151 in This autumn 2024.
“We proceed to see vulnerabilities being exploited at a quick tempo with 28.3% of vulnerabilities being exploited inside 1-day of their CVE disclosure,” VulnCheck mentioned in a report shared with The Hacker Information.
This interprets to 45 safety flaws which have been weaponized in real-world assaults inside a day of disclosure. Fourteen different flaws have been exploited inside a month, whereas one other 45 flaws have been abused throughout the span of a 12 months.
The cybersecurity firm mentioned a majority of the exploited vulnerabilities have been recognized in content material administration techniques (CMSes), adopted by community edge gadgets, working techniques, open-source software program, and server software program.
The breakdown is as follows –
- Content material Administration Techniques (CMS) (35)
- Community Edge Gadgets (29)
- Working Techniques (24)
- Open Supply Software program (14)
- Server Software program (14)
The main distributors and their merchandise that have been exploited through the time interval are Microsoft Home windows (15), Broadcom VMware (6), Cyber PowerPanel (5), Litespeed Applied sciences (4), and TOTOLINK Routers (4).
“On common, 11.4 KEVs have been disclosed weekly, and 53 per 30 days,” VulnCheck mentioned. “Whereas CISA KEV added 80 vulnerabilities through the quarter, solely 12 confirmed no prior public proof of exploitation.”
Of the 159 vulnerabilities, 25.8% have been discovered to be awaiting or present process evaluation by the NIST Nationwide Vulnerability Database (NVD) and three.1% have been assigned the brand new “Deferred” standing.
In response to Verizon’s newly launched Information Breach Investigations Report for 2025, exploitation of vulnerabilities as an preliminary entry step for information breaches grew by 34%, accounting for 20% of all intrusions.
Information gathered by Google-owned Mandiant has additionally revealed that exploits have been essentially the most steadily noticed preliminary an infection vector for the fifth consecutive 12 months, with stolen credentials overtaking phishing because the second most steadily noticed preliminary entry vector.
“For intrusions wherein an preliminary an infection vector was recognized, 33% started with exploitation of a vulnerability,” Mandiant mentioned. “This can be a decline from 2023, throughout which exploits represented the preliminary intrusion vector for 38% of intrusions, however practically an identical to the share of exploits in 2022, 32%.”
That mentioned, regardless of attackers’ efforts to evade detection, defenders are persevering with to get higher at figuring out compromises.
The worldwide median dwell time, which refers back to the variety of days an attacker is on a system from compromise to detection, has been pegged at 11 days, an improve of someday from 2023.
