In the first quarter of 2025, a striking total of 159 Common Vulnerabilities and Exposures (CVEs) have been identified as actively exploited in the wild, marking an increase from the 151 CVEs reported in the previous quarter, according to a recent analysis by VulnCheck. The report highlights a concerning trend wherein 28.3% of these vulnerabilities were exploited within one day of their disclosure.
This rapid exploitation translates to 45 security flaws being weaponized for real-world attacks within the crucial first 24 hours following their announcement. Furthermore, 14 other flaws were found to be exploited within a month, and another 45 vulnerabilities were reported to be abused within a year. Such statistics emphasize the urgent need for organizations to prioritize timely patching of vulnerabilities.
The majority of the exploited vulnerabilities were discovered in content management systems (CMSes), which accounted for 35 instances, followed by network edge devices (29), operating systems (24), open source software (14), and server software (14). Major vendors affected during this quarter included Microsoft Windows with 15 exploits, followed by Broadcom VMware (6), Cyber PowerPanel (5), Litespeed Technologies (4), and TOTOLINK Routers (4).
According to VulnCheck, an average of 11.4 Known Exploited Vulnerabilities (KEVs) were disclosed weekly, contributing to a total of 53 per month. Also noteworthy, the Cybersecurity and Infrastructure Security Agency (CISA) added 80 vulnerabilities during this quarter, with only 12 showing no prior public evidence of exploitation. The findings underscore the importance of proactive cybersecurity measures as the landscape of threats continues to evolve.
Moreover, Verizon’s newly released Data Breach Investigations Report for 2025 revealed that the exploitation of vulnerabilities has grown by 34% as an initial access method for data breaches, now accounting for 20% of all intrusions. Data from Mandiant also showed that exploits remain the most frequently observed initial infection vector for the fifth consecutive year.
While there is a slight decline in the percentage of intrusions starting with exploitation of vulnerabilities compared to previous years, the data continues to underscore the critical need for vigilance within the cybersecurity community.