Record Surge in CVE Disclosures and Microsoft Vulnerabilities in 2025
In 2025, the cybersecurity landscape was marked by an unprecedented surge in vulnerability disclosures, with nearly 49,209 CVEs published—representing a 43% increase over the previous year. Microsoft alone issued mitigations for 1,246 CVEs, including 158 rated as critical, and faced 41 zero-day vulnerabilities. Security experts noted that while the volume of vulnerabilities reached new highs, the real risk stemmed from a small subset that were actively exploited, particularly those affecting Microsoft platforms and edge devices. Attackers increasingly leveraged AI and new tactics to exploit vulnerabilities faster, often timing attacks around Patch Tuesday cycles to maximize impact before organizations could apply updates.
The overwhelming number of vulnerabilities forced security teams to rethink their prioritization strategies, as traditional severity ratings like CVSS proved insufficient for predicting exploitation. Instead, models such as the Exploit Prediction Scoring System (EPSS) and asset criticality became essential for identifying which vulnerabilities posed the greatest risk. State-sponsored actors and ransomware groups were responsible for a significant portion of exploitation activity, with remote code execution and privilege escalation flaws being the most targeted. Experts emphasized the need for rapid, risk-based patching and a shift away from patching solely based on severity scores, as attackers focused on speed, exposure, and critical assets rather than the sheer number of vulnerabilities disclosed.
Timeline
Dec 30, 2025
Multiple Microsoft zero-days and lower-scored flaws see active exploitation in 2025
During 2025, several Microsoft vulnerabilities, including ToolShell (CVE-2025-53770), CVE-2025-24993, CVE-2025-24990, CVE-2025-62221, CVE-2025-53779, CVE-2025-26633, CVE-2025-33053, and CVE-2025-30377, were highlighted as actively exploited or especially dangerous. Experts noted that some lower-scored flaws still enabled serious outcomes such as privilege escalation, malware deployment, Preview Pane exploitation, and domain compromise.
Dec 30, 2025
Microsoft addresses 1,246 CVEs during 2025
Across 2025, Microsoft patched 1,246 CVEs, including 158 critical flaws and 41 zero-days. Elevation-of-privilege and remote-code-execution issues made up a significant share of the year's Microsoft vulnerability landscape.
Dec 29, 2025
Security guidance shifts toward EPSS- and asset-aware prioritization for 2026
By the end of 2025, experts recommended moving away from patch-count metrics toward remediation of exploitable risks on critical assets. EPSS, asset criticality, and governance-backed risk acceptance were presented as the basis for vulnerability management in 2026.
Dec 29, 2025
CISA KEV list emerges as key indicator for active vulnerability risk
By late 2025, the CISA Known Exploited Vulnerabilities list was identified as the most reliable signal of active threat exposure and a trigger for incident-level remediation. Security guidance increasingly emphasized KEV-led prioritization over patching based only on volume or CVSS severity.
Dec 29, 2025
State-backed and ransomware exploitation intensifies in 2025
During 2025, state-sponsored actors were responsible for more than half of observed exploitation activity, while ransomware and zero-day attacks also rose sharply. The trend reflected a shift toward more targeted and operationally impactful exploitation.
Dec 29, 2025
Attackers increasingly exploit a small subset of high-risk flaws in 2025
Throughout 2025, most real-world breaches were driven by a relatively small set of vulnerabilities rather than the full volume of disclosed CVEs. Public proof-of-concept availability, likelihood of exploitation, and exposure on critical assets such as identity systems and edge devices were key factors.
Dec 29, 2025
Published CVE count rises to 49,209 in 2025
In 2025, the number of published CVEs reached 49,209, representing a 43% increase over 2024. The increase was attributed to growing software complexity, expanding open-source dependencies, and more CVE Numbering Authorities.
Related Stories

Trends in Vulnerability Disclosures and Exploitation in Late 2025
Security researchers and industry analysts report that the number of published vulnerabilities (CVEs) remains high in late 2025, with a notable year-over-year increase in overall volume, despite a temporary slowdown in November attributed to administrative changes at major CVE Numbering Authorities (CNAs). Kaspersky's Q3 2025 analysis highlights that attackers continue to exploit flaws in widely used software such as WinRAR and Microsoft Office, and that the number of critical vulnerabilities (CVSS > 8.9) remains significant, though slightly lower than the previous year. The data suggests that the vulnerability landscape is both expanding and evolving, with attackers leveraging new and existing flaws for exploitation, particularly in Windows and Linux environments.
Industry commentary emphasizes that fluctuations in monthly CVE counts are often driven by the operational pace of a few large CNAs, rather than a true reduction in underlying risk. The November 2025 dip in CVE disclosures is linked to internal migrations and process slowdowns at organizations like Patchstack, MITRE, and the Linux kernel ecosystem, rather than a decrease in actual vulnerabilities. Security teams are cautioned not to interpret short-term drops in disclosure volume as a sign of stabilization, as the overall trend points to continued growth in vulnerabilities and persistent exploitation by threat actors.
1 month ago
Critical Vulnerabilities and Exploitation Trends in 2025
Security researchers highlighted several high-impact vulnerabilities that shaped the threat landscape in 2025, including unauthenticated remote code execution flaws in widely used platforms such as React Server Components (CVE-2025-55182), SAP NetWeaver (CVE-2025-31324), PAN-OS (CVE-2025-0108), Cisco IOS XE (CVE-2025-20188), and Erlang/OTP SSH (CVE-2025-32433). These vulnerabilities were notable for their rapid exploitation following public disclosure, with attackers leveraging unauthenticated access and broad software reach to maximize impact. The year saw a shift in attacker focus, with perimeter devices and enterprise software becoming primary entry points, and defenders were forced to respond quickly as the window between disclosure and exploitation narrowed.
In December 2025, Microsoft released one of its lightest Patch Tuesday updates, addressing 56 new CVEs. Despite the lower volume, security experts emphasized the importance of prioritizing vulnerabilities that were already exploited, publicly disclosed, or rated as critical with a high likelihood of exploitation. The analysis provided actionable intelligence for defenders, including technology-specific threat insights and resources for mitigating risk. The convergence of these trends underscored the need for rapid vulnerability management and highlighted recurring blind spots in enterprise defense strategies.
1 month ago
Overview of High-Risk Vulnerabilities Exploited in 2025
The cybersecurity landscape in 2025 experienced a significant surge in critical vulnerabilities, with over 21,500 CVEs disclosed in the first half of the year, marking a notable increase from previous years. Among these, several vulnerabilities were actively exploited in the wild, including critical flaws in Langflow (CVE-2025-3248), Microsoft SharePoint Server (CVE-2025-53770, 53771), Sudo (CVE-2025-32463), and Docker Desktop (CVE-2025-9074), each enabling attackers to compromise enterprise infrastructure, escalate privileges, or gain unauthorized access to sensitive systems. These vulnerabilities were highlighted for their technical severity, ease of exploitation, and real-world impact on organizations across various sectors, including government and finance.
In addition to these high-profile vulnerabilities, the WordPress ecosystem faced its own set of security challenges, with notable vulnerabilities in popular plugins such as Elementor Website Builder (CVE-2025-11220), WooCommerce (CVE-2025-15033), and All in One SEO (CVE-2025-64295). These flaws exposed millions of websites to risks such as cross-site scripting and sensitive data exposure, emphasizing the importance of timely patching and security updates. The overall trend in 2025 underscored the increasing sophistication and industrialization of cybercriminal operations, with attackers leveraging both newly discovered and well-known vulnerabilities to achieve widespread compromise and persistent access to targeted environments.
1 month ago