As reported by The Cyber Express, the landscape of known exploited vulnerabilities experienced a notable acceleration in growth during 2025, reversing a trend of stabilization observed in the previous year. Analysis of the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability (KEV) catalog reveals a significant increase in newly identified and exploited flaws.Cyble's analysis indicates that 245 vulnerabilities were added to the CISA KEV catalog in 2025, representing a roughly 20% growth rate and a substantial increase compared to the 185 and 187 vulnerabilities added in 2024 and 2023, respectively. This surge includes a nearly 45% rise in older vulnerabilities being added, with the oldest identified flaw dating back to 2007. Notably, 24 of the vulnerabilities added in 2025 were confirmed to be exploited by ransomware groups, targeting vendors such as Microsoft, Apple, and Oracle. Common weakness enumerations like OS Command Injection (CWE-78) and Deserialization of Untrusted Data (CWE-502) were among the most prevalent software weaknesses exploited.The reacceleration of exploited vulnerability growth in 2025 underscores the persistent and evolving threat posed by cyberattacks. The increasing inclusion of older vulnerabilities suggests that legacy systems remain a significant target. This trend highlights the critical need for organizations to maintain robust patch management practices and proactively address identified weaknesses.Source: The Cyber Express
Ransomware, Security Operations, Vulnerability Management, Patch/Configuration Management
Exploited vulnerabilities accelerated in 2025, CISA KEV catalog shows

An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



