In 2025, the cybersecurity world faced an unprecedented surge of newly discovered software vulnerabilities. According to a recent report by VulnCheck, more than 40,000 vulnerabilities were published last year, yet only 1% of these flaws were actively exploited in real-world attacks.
Caitlin Condon, Vice President of Security Research at VulnCheck, emphasized that the explosion of reported vulnerabilities is overwhelming defenders. “The growth in CVE volume is massive, and defenders don’t know what to prioritize,” she said. Many security teams continue to focus on theoretical exploits or low-risk defects, often at the expense of actively exploited threats.
Edge Devices Remain Prime Targets
The report highlights that vulnerabilities in network edge devices were the most frequently exploited. These devices, which control access to corporate networks and secure communications, accounted for 28% of the top targeted products in 2025. Many of these systems still run code bases that haven’t significantly changed in a decade, making them particularly susceptible to automated attack techniques.
“Threat actors are far more organized than defenders in most cases,” Condon noted. Security teams must operate under the assumption that new zero-day vulnerabilities in edge devices can appear at any time, and patches may quickly be reverse-engineered for malicious use.
High-Impact Vulnerabilities and Exploit Trends
VulnCheck’s report identifies the top 50 routinely exploited vulnerabilities, all of which had at least 20 working public exploits and were associated with multiple state-sponsored or cybercrime threat groups. Many of these vulnerabilities were also linked to ransomware campaigns and botnet activity.
Notably, four zero-day flaws in Microsoft SharePoint—including CVE-2025-53770 and CVE-2025-53771—compromised more than 400 organizations, including U.S. federal agencies such as the Departments of Energy, Homeland Security, and Health and Human Services. Collectively, these SharePoint vulnerabilities had 69 confirmed exploits and were targeted by 29 distinct threat groups and 18 ransomware variants.
Vendor Vulnerability Rankings
In 2025, some software vendors were repeatedly targeted:
- Microsoft: 9 vulnerabilities
- Ivanti: 5 vulnerabilities
- Fortinet: 4 vulnerabilities
- VMware: 3 vulnerabilities
- SonicWall & Oracle: 2 vulnerabilities each
The React2Shell vulnerability in React Server Components emerged as the most exploited defect of the year. Despite being publicly disclosed by Meta and React, it was weaponized within a month, resulting in 236 validated public exploits and affecting more than 60 organizations in the initial attack wave.
The Urgent Call for Risk-Based Prioritization
Condon stressed that the current vulnerability management model is unsustainable. Organizations must move beyond relying solely on CVSS scores and focus on known exploited vulnerabilities. Additionally, the industry needs to rethink how software and network devices are designed, emphasizing resilience, patchability, and long-term security architecture.
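As an added illustration of the risk-based ordering described above (example code, not anything from the report or VulnCheck), the following ranks an inventory by evidence of real-world exploitation first and CVSS second; the weights, the `Vuln` fields and the sample records are constructed assumptions.

```python
# Added illustration (not VulnCheck's code): rank vulnerabilities by evidence of
# real-world exploitation first and CVSS second, the ordering the report argues for.
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class Vuln:
    cve: str                  # identifier (constructed placeholders below)
    cvss: float               # base score, 0.0 to 10.0
    in_kev: bool = False      # present in a known-exploited-vulnerabilities catalogue
    public_exploits: int = 0  # working public exploits known for this flaw
    threat_groups: int = 0    # distinct groups observed using it
    ransomware: bool = False  # tied to ransomware campaigns
    edge_device: bool = False # affects an internet-facing network edge product

def risk_score(v: Vuln) -> float:
    """Exploitation evidence dominates; CVSS (max 10) only orders flaws that
    carry the same evidence, so a 'theoretical' 9.8 never outranks a flaw
    with a confirmed exploit.  Weights are assumptions, not the report's."""
    score = 0.0
    if v.in_kev:
        score += 100.0
    score += min(v.public_exploits, 50)   # cap so one field cannot swamp the rest
    score += min(v.threat_groups * 2, 20)
    if v.ransomware:
        score += 30.0
    if v.edge_device:
        score += 20.0
    return score + v.cvss

def prioritize(vulns: List[Vuln]) -> List[Vuln]:
    """Risk-based order: strongest exploitation evidence first."""
    return sorted(vulns, key=risk_score, reverse=True)

def cvss_only(vulns: List[Vuln]) -> List[Vuln]:
    """The severity-only order the report says is no longer sustainable."""
    return sorted(vulns, key=lambda v: v.cvss, reverse=True)

# Constructed sample inventory; identifiers and figures are illustrative only.
SAMPLE = [
    Vuln("CVE-EXAMPLE-A", cvss=9.8),                                  # critical, unexploited
    Vuln("CVE-EXAMPLE-B", cvss=7.5, in_kev=True, public_exploits=25,
         threat_groups=6, ransomware=True, edge_device=True),         # edge device, in the wild
    Vuln("CVE-EXAMPLE-C", cvss=8.8, in_kev=True, public_exploits=3, threat_groups=1),
    Vuln("CVE-EXAMPLE-D", cvss=5.3),
]

if __name__ == "__main__":
    print("CVSS-only :", [v.cve for v in cvss_only(SAMPLE)])
    print("Risk-based:", [v.cve for v in prioritize(SAMPLE)])
```

The two orderings disagree on the first patch to ship: CVSS alone puts the unexploited 9.8 first, while the evidence-weighted order moves the actively exploited edge-device flaw to the top.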
“We’re not just dealing with a single vendor or technology. The threat landscape is growing across the board,” she said. “We must assess how technology evolves to withstand these attacks and be realistic about the current state of cybersecurity.”