VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 | CyberScoop<\/title> <meta name=\"description\" content=\"The vulnerability threat intelligence firm\u2019s research reinforces a slew of recent reports warning about increased exploits in 2024.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/vulncheck-known-exploited-cves-q1-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025\"> <meta property=\"og:description\" content=\"The vulnerability threat intelligence firm\u2019s research reinforces a slew of recent reports warning about increased exploits in 2024.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/vulncheck-known-exploited-cves-q1-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-24T22:57:32+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-24T22:57:35+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1080\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1744740145g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1745421713g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84293\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84293\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvulncheck-known-exploited-cves-q1-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvulncheck-known-exploited-cves-q1-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84293 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/vulncheck-known-exploited-cves-q1-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.377647058824\">\n<div class=\"single-article__header-content\" readability=\"34.419512195122\">\n<p> The vulnerability threat intelligence firm\u2019s research reinforces a slew of recent reports warning about increased exploits in 2024. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84293\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025.png?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"cybersecurity\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025-1.png?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.209036316843\"><body readability=\"61.510499139415\"><\/p>\n<p>Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a <a href=\"https:\/\/vulncheck.com\/blog\/exploitation-trends-q1-2025\">report<\/a> released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter.<\/p>\n<p>The time from CVE disclosure to evidence of exploitation in the first quarter was marginally faster than what VulnCheck observed during 2024, Patrick Garrity, security researcher at the company, said in the report. \u201cThis demonstrates the need for defenders to move fast on emerging threats while continuing to burn down their vulnerability debt,\u201d Garrity wrote. <\/p>\n<p>VulnCheck\u2019s research reinforces multiple recent reports that warned about increased exploits in 2024. Mandiant said exploits were the <a href=\"https:\/\/cyberscoop.com\/mandiant-m-trends-2025\/\">most common initial infection vector<\/a> last year, representing 1 of every 3 attacks. Verizon reported a <a href=\"https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2025\/\">34% increase in exploited vulnerabilities<\/a>, and IBM X-Force said exploitation of public-facing applications accounted for <a href=\"https:\/\/cyberscoop.com\/ibm-x-force-threat-intelligence-index-2025\/\">30% of incident response cases<\/a> last year.<\/p>\n<p>Content management systems contained the largest share of new known exploited vulnerabilities in Q1, followed by network edge devices, operating systems, open-source software and server software, according to VulnCheck. Researchers noted that the top five categories associated with new actively exploited vulnerabilities are typically public-facing or accessible to end users. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The rankings underscore a worrying trend involving the persistent and successful targeting of network edge devices. Researchers have been consistent in warning defenders about ongoing and escalating impacts of actively exploited software defects in VPNs, firewalls and routers since 2024. <\/p>\n<p>VulnCheck identified 29 new known exploited vulnerabilities in these devices and services in Q1.<\/p>\n<p>Beyond the 48 vulnerabilities that were actively exploited within a day of CVE disclosure, VulnCheck identified 14 additional software defects exploited within 31 days of disclosure. Nearly two-thirds of all new known exploited vulnerabilities identified in the first quarter were exploited within a year of disclosure, according to VulnCheck.<\/p>\n<p>\u201cOn average, 11.4 KEVs were disclosed weekly, and 53 per month,\u201d the report said. <\/p>\n<p>VulnCheck also named the top sources of exploitation evidence during the quarter. Shadowserver disclosed evidence of 31 actively exploited vulnerabilities, followed by GreyNoise at 17. The Cybersecurity and Infrastructure Security Agency added 12 software defects to its known exploited vulnerabilities catalog during the quarter. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The National Institute of Standards and Technology\u2019s National Vulnerability Database analyzed nearly 43% of the 159 new actively exploited vulnerabilities identified during the quarter, while 25% are still waiting or undergoing analysis, according to VulnCheck.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.0380710659898\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/vulncheck-known-exploited-cves-q1-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VulnCheck spotted 159 actively exploited vulnerabilities in first few months<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1209,78,452,4182,1766,646,256,1963,4186,4136,643],"tags":[668,86,454,4184,1771,650,262,1964,4188,4140,645],"class_list":["post-7568","post","type-post","status-publish","format-standard","hentry","category-cisa","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-ibm-x-force","category-known-exploited-vulnerabilities-kev","category-mandiant","category-research","category-verizon-data-breach-investigations-report","category-verizon-dbir","category-vulncheck","category-vulnerabilities","tag-cisa","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-ibm-x-force","tag-known-exploited-vulnerabilities-kev","tag-mandiant","tag-research","tag-verizon-data-breach-investigations-report","tag-verizon-dbir","tag-vulncheck","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ibm-x-force\/\" rel=\"category tag\">IBM X-Force<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/verizon-data-breach-investigations-report\/\" rel=\"category tag\">Verizon Data Breach Investigations Report<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/verizon-dbir\/\" rel=\"category tag\">Verizon DBIR<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7568"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7568\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7568,"date":"2025-04-24T17:57:32","date_gmt":"2025-04-24T22:57:32","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84293"},"modified":"2025-04-24T17:57:32","modified_gmt":"2025-04-24T22:57:32","slug":"vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/24\/vulncheck-spotted-159-actively-exploited-vulnerabilities-in-first-few-months-of-2025\/","title":{"rendered":"VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025"},"content":{"rendered":"