Rising Vulnerabilities: Key Insights from the 2025 CISA KEV Report
The landscape of cybersecurity continues to evolve, with a marked increase in known exploited vulnerabilities (KEVs) reported in 2025. This trend has been highlighted in an analysis by Cyble, which scrutinized the data from the Cybersecurity and Infrastructure Security Agency (CISA).
Riding the Wave of Vulnerabilities
After a period of stabilization in 2024, the growth in known exploited vulnerabilities picked up again in 2025. CISA added 245 vulnerabilities to the catalog that year, a growth rate of roughly 20%. That compares with 185 vulnerabilities added in each of the two preceding years, which translated to growth of about 21% in 2023 and a lower 17% in 2024 as the catalog's base expanded. By the end of 2025 the catalog held 1,484 vulnerabilities in total, a measure of the growing exposure to flaws in widely used software and hardware.
A Closer Look at Historical Vulnerabilities
The analysis also noted a rise in older vulnerabilities being added to the KEV catalog. In 2025, CISA added 94 vulnerabilities with CVE identifiers from 2024 or earlier, a 45% increase over the average of 65 older vulnerabilities added per year in 2023 and 2024. The continued addition of long-known vulnerabilities underlines the lasting threat they pose.
Among the older additions, CVE-2007-0671, a Microsoft Office Excel remote code execution flaw, was the most dated entry added in 2025. The oldest vulnerability in the entire KEV catalog remains CVE-2002-0367, a privilege escalation flaw that has been linked to ransomware attacks.
Ransomware’s Targeted Threats
A total of 24 of the vulnerabilities added to the KEV catalog in 2025 were identified as actively exploited by ransomware groups. Notable among them were CVE-2025-5777, commonly referred to as "CitrixBleed 2," and the Oracle E-Business Suite vulnerabilities exploited by the CL0P ransomware gang. Microsoft, Fortinet, and Oracle featured prominently among the affected vendors, each with multiple vulnerabilities flagged as exploited.
Prominent Players in the Vulnerability Game
As in previous years, Microsoft led the pack with the highest number of vulnerabilities among the 2025 CISA KEV additions, 39 in total, a slight rise from 36 in 2024. Apple, Cisco, and Google Chromium followed, each contributing between seven and nine vulnerabilities to the catalog. In a positive development, several vendors, including Adobe, VMware, and Palo Alto Networks, showed improvement, with fewer of their vulnerabilities added than in the previous year.
Common Weaknesses on the Rise
Among the vulnerabilities added to the KEV catalog, a consistent set of common software weaknesses (CWEs) recurred. Cyble identified eight weakness classes as the most prevalent among the 2025 KEV additions:
- CWE-78 (OS Command Injection): 18 vulnerabilities.
- CWE-502 (Deserialization of Untrusted Data): 14 vulnerabilities.
- CWE-22 (Path Traversal): 13 vulnerabilities.
- CWE-416 (Use After Free): 11 vulnerabilities.
- CWE-787 (Out-of-bounds Write): 10 vulnerabilities.
- CWE-79 (Cross-site Scripting): 7 vulnerabilities.
- CWE-94 (Code Injection) and CWE-287 (Improper Authentication): 6 vulnerabilities each.
The recurrence of the same weakness classes year after year calls for a focused approach to addressing them in cybersecurity strategies across sectors.
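As an added example (not part of Cyble's or CISA's analysis), the following Python derives the metrics the article cites, yearly additions, older-CVE additions, ransomware-flagged entries, and per-vendor and per-CWE counts, from a KEV-style JSON feed. The sample entries are constructed, and the field names (`cveID`, `vendorProject`, `dateAdded`, `knownRansomwareCampaignUse`, `cwes`) are assumed to match the layout of the public CISA KEV JSON feed.

```python
import json
from collections import Counter

# Constructed sample in the layout of the CISA KEV JSON feed. The field names are
# assumed to match the public feed; the entries themselves are made up and are not
# real catalog records.
SAMPLE_KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-2025-0001", "vendorProject": "Microsoft", "dateAdded": "2025-03-04",
  "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-78"]},
 {"cveID": "CVE-2025-0002", "vendorProject": "Fortinet", "dateAdded": "2025-05-12",
  "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-22", "CWE-78"]},
 {"cveID": "CVE-2019-0003", "vendorProject": "Oracle", "dateAdded": "2025-07-30",
  "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-502"]},
 {"cveID": "CVE-2024-0004", "vendorProject": "Microsoft", "dateAdded": "2024-11-20",
  "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-416"]}
]}"""
SAMPLE_CATALOG = json.loads(SAMPLE_KEV_JSON)

def cve_year(cve_id):
    """Year component of a CVE identifier, e.g. 'CVE-2007-0671' -> 2007."""
    return int(cve_id.split("-")[1])

def added_in(catalog, year):
    """Entries whose dateAdded (YYYY-MM-DD) falls in the given calendar year."""
    return [v for v in catalog["vulnerabilities"] if v["dateAdded"].startswith(f"{year}-")]

def kev_summary(catalog, year):
    """Per-year metrics of the kind the analysis reports: additions, additions whose
    CVE predates that year ('older' vulnerabilities), ransomware-flagged additions,
    and per-vendor and per-CWE counts (an entry with several CWEs counts once each)."""
    added = added_in(catalog, year)
    return {
        "added": len(added),
        "older": sum(1 for v in added if cve_year(v["cveID"]) < year),
        "ransomware": sum(1 for v in added if v.get("knownRansomwareCampaignUse") == "Known"),
        "by_vendor": Counter(v["vendorProject"] for v in added),
        "by_cwe": Counter(c for v in added for c in v.get("cwes", [])),
    }

def growth_rate(catalog, year):
    """Additions in `year` divided by the catalog size at the end of the prior year;
    None when there is no prior base. ISO date strings compare correctly as text."""
    prior = sum(1 for v in catalog["vulnerabilities"] if v["dateAdded"] < f"{year}-")
    this_year = len(added_in(catalog, year))
    return this_year / prior if prior else None

if __name__ == "__main__":
    print(kev_summary(SAMPLE_CATALOG, 2025))
    print(growth_rate(SAMPLE_CATALOG, 2025))
```

Applied to the article's own figures, 245 additions on a year-end 2024 base of 1,239 entries (1,484 minus 245) gives a growth rate of about 19.8%, consistent with the roughly 20% cited.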
In sum, the CISA KEV report for 2025 paints a clear picture of a dynamic threat landscape requiring ongoing vigilance and adaptation from software developers and IT security professionals alike.