Date: 2025-07-30

Threat actors are becoming faster at exploiting vulnerabilities and rely more than ever on zero-day exploitation.

According to VulnCheck’s latest report, which covered the first half of 2025, almost one-third (32.1%) of vulnerabilities listed in the vulnerability intelligence provider’s Known Exploited Vulnerabilities (KEV) catalog were weaponized either before being detected or within 24 hours of disclosure.

This represents an 8.5% increase from 23.6% in 2024.

In total, VulnCheck added 432 new vulnerabilities to its KEV list in the first half of 2025.

This is already more than half of the 768 Common Vulnerabilities and Exposures (CVEs) that were publicly reported as exploited in VulnCheck’s telemetry in 2024.

Microsoft and Cisco, Top Targeted Vendors

The top categories of vulnerabilities in VulnCheck’s KEV list for the first half of 2025 include:

- Content management systems (CMS) at 86, with a dominance of WordPress plugin vulnerabilities
- Network edge devices at 77, with Cisco, Fortinet, SonicWall, D-Link and Ivanti among the top targeted vendors
- Server software at 61, with Cyberpower, SAP, Oracle and Sitecore among the top targeted vendors
- Open-source software at 55
- Operating systems (OS) at 38, with a dominance of Microsoft, followed by Apple and Linux

Microsoft was the most targeted vendor overall, with 32 CVEs appearing in VulnCheck’s KEV list for the reported period, followed by Cisco with 10 CVEs.