
In the first quarter of 2025, 159 CVE identifiers were flagged as exploited in the wild, compared with 151 for a quarter of 2024.
“Vulnerabilities continue to be exploited at a fast pace, as 28.3% of vulnerabilities have been exploited within one day of CVE disclosure,” VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that were weaponized in real-world attacks within one day of disclosure. Within a month, 14 other flaws were exploited, and within a year, 45 more were abused.
The cybersecurity company said that the majority of the exploited vulnerabilities have been identified in content management systems (CMSes), followed by network edge devices, operating systems, open source software and server software.

The breakdown is as follows:
Content Management Systems (CMS) (35)
Network Edge Devices (29)
Operating Systems (24)
Open Source Software (14)
Server Software (14)
The leading vendors and products that were exploited during the period are Microsoft Windows (15), Broadcom VMware (6), Cyber PowerPanel (5), LiteSpeed Technologies (4), and TOTOLINK Routers (4).

“On average, 11.4 KEVs were disclosed weekly, with 53 being disclosed per month,” VulnCheck said. “CISA KEV added 80 vulnerabilities in the quarter, but only 12 showed no prior public evidence of exploitation.”
Of the 159 vulnerabilities, 25.8% are awaiting or undergoing analysis by the NIST National Vulnerability Database (NVD), while 3.1% have been assigned the new “Deferred” status.

According to Verizon’s newly released Data Breach Investigations Report for 2025, the exploitation of vulnerabilities as an initial access step for data breaches has increased by 34%, accounting for 20% of all intrusions.
Data collected by Google-owned Mandiant also revealed that exploits were the most frequently observed initial infection vector for the fifth consecutive year, and that stolen credentials overtook phishing as the second most frequently observed initial access vector.

“For intrusions where an initial infection vector was identified, 33% started with exploitation of a vulnerability,” Mandiant said. “This is a decline since 2023, during which exploits represented 38% of initial intrusion vectors, which is roughly the same as the 2022 exploit percentage.”
That said, despite attackers’ efforts to avoid detection, defenders continue to get better at identifying compromises.
The global median dwell time, which refers to the number of days an attacker is on a system from compromise to detection, stands at 11 days, an increase of one day since 2023.