The US cybersecurity company CISA is now conscious of 1,484 software program and {hardware} vulnerabilities which have been exploited within the wild.
All through 2025, the company added 245 safety defects to its Identified Exploited Vulnerabilities (KEV) listing, together with 24 bugs which have been exploited in ransomware assaults.
CISA’s KEV listing has been rising steadily since its public launch in November 2021, and final 12 months marked its largest growth fee over a three-year interval, at 20%.
“After an preliminary surge of added vulnerabilities after the database first launched, progress stabilized in 2023 and 2024, with 187 vulnerabilities added in 2023 and 185 in 2024,” cybersecurity agency Cyble explains.
Many of the weaknesses added to the KEV catalog in 2025 have been new vulnerabilities, however CISA didn’t ignore older bugs both. Final 12 months, 94 flaws disclosed in 2024 and prior have been added to the listing.
The oldest vulnerability added to the CISA KEV in 2025 was CVE-2007-0671, a distant code execution (RCE) difficulty in Microsoft Workplace.
As Cyble notes, “the oldest vulnerability within the catalog stays one from 2002 – CVE-2002-0367, a privilege escalation vulnerability within the Home windows NT and Home windows 2000 smss.exe debugging subsystem that has been identified for use in ransomware assaults.”
Of the 24 safety defects exploited by ransomware teams, the extensively exploited CitrixBleed 2 (CVE-2025-5777) and Oracle E-Enterprise Suite (CVE-2025-61882 and CVE-2025-61884) flaws stand out, primarily as a consequence of their broad affect.Commercial. Scroll to proceed studying.
New vulnerabilities in Fortinet, Ivanti, Microsoft, Mitel, SAP, and SonicWall merchandise have been focused in ransomware assaults as effectively.
Cyble’s evaluation of the 2025 additions to the CISA KEV listing reveals that OS command injection, deserialization of untrusted knowledge, path traversal, use-after-free, out-of-bounds write, XSS, code injection, and improper authentication have been probably the most distinguished kinds of bugs.
Federal companies, organizations of all sizes, and software program builders ought to monitor the KEV listing to higher defend their environments and improve consciousness of the most typical weaknesses that risk actors are focusing on in assaults.
Associated: CISA Warns of Exploited Flaw in Asus Replace Instrument
Associated: CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Assault
Associated: CISA Confirms Exploitation of Latest Oracle Identification Supervisor Vulnerability
Associated: CISA Updates Steerage on Patching Cisco Units Focused in China-Linked Assaults
