Surge in Exploited Vulnerabilities: Insights from VulnCheck’s Q1 2025 Report
VulnCheck’s recent report highlights a concerning trend in cybersecurity: nearly one-third of the actively exploited vulnerabilities it identified in the first quarter of 2025 were exploited within just one day of their Common Vulnerabilities and Exposures (CVE) disclosure. This statistic underscores the urgency for organizations to bolster their defenses against rapidly evolving threats.
The Landscape of Exploitation
VulnCheck, a company specializing in vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 different sources during the first quarter. The timeline from CVE disclosure to exploitation was marginally faster than in the previous year, indicating that attackers are becoming increasingly adept at leveraging newly disclosed vulnerabilities. Patrick Garrity, a security researcher at VulnCheck, emphasized the need for defenders to act swiftly in response to emerging threats while simultaneously addressing their existing vulnerability debt.
Trends from 2024 Carry Over
The findings from VulnCheck align with multiple reports from 2024 that warned of a significant uptick in exploitation incidents. Mandiant noted that exploits were the most common initial infection vector, accounting for one in three attacks last year. Similarly, Verizon reported a 34% increase in exploited vulnerabilities, while IBM X-Force indicated that exploitation of public-facing applications comprised 30% of incident response cases. These statistics paint a clear picture: the threat landscape is becoming increasingly perilous, and organizations must remain vigilant.
Vulnerabilities by Category
The report also sheds light on the types of systems most affected by these vulnerabilities. Content management systems emerged as the largest category of newly known exploited vulnerabilities in Q1, followed closely by network edge devices, operating systems, open-source software, and server software. Notably, the top five categories of actively exploited vulnerabilities are typically public-facing or easily accessible to end users, making them prime targets for attackers.
The persistent targeting of network edge devices is particularly concerning. Researchers have consistently warned about the escalating risks associated with software defects in VPNs, firewalls, and routers since 2024. In Q1 alone, VulnCheck identified 29 new known exploited vulnerabilities in these critical devices and services.
Speed of Exploitation
Beyond the 48 vulnerabilities exploited within a day of disclosure, VulnCheck also reported 14 additional software defects that were exploited within 31 days. Nearly two-thirds of all new known exploited vulnerabilities identified in the first quarter were exploited within a year of their disclosure. On average, VulnCheck disclosed 11.4 Known Exploited Vulnerabilities (KEVs) weekly, translating to 53 per month, further emphasizing the rapid pace at which vulnerabilities are being targeted.
Sources of Exploitation Evidence
VulnCheck’s report also highlights the key sources of exploitation evidence during the quarter. Shadowserver led the way with evidence of 31 actively exploited vulnerabilities, followed by GreyNoise with 17. The Cybersecurity and Infrastructure Security Agency (CISA) contributed by adding 12 software defects to its known exploited vulnerabilities catalog during the same period. Additionally, the National Institute of Standards and Technology’s National Vulnerability Database analyzed nearly 43% of the 159 new actively exploited vulnerabilities, while 25% remain under analysis.
Conclusion
The findings from VulnCheck’s Q1 2025 report serve as a wake-up call for organizations worldwide. The rapid exploitation of vulnerabilities highlights the critical need for proactive cybersecurity measures. As attackers continue to refine their tactics and exploit newly disclosed vulnerabilities at an alarming rate, it is imperative for defenders to act swiftly and decisively. By prioritizing vulnerability management and staying informed about emerging threats, organizations can better protect themselves in an increasingly hostile digital landscape.