Accelerating pre-disclosure exploitation of known exploited vulnerabilities in 2025
Target Trend
Summary
Hide ▲
Show ▼
Pre-disclosure exploitation of known exploited vulnerabilities (KEVs) accelerated in 2025, increasing the chance that defenders face attacks before patches and public disclosure. VulnCheck measured 28.96% of KEVs exploited before disclosure or on the day reported, up from 23.6% in 2024. The same analysis recorded 884 vulnerabilities with first observed exploitation in 2025, showing a broader and faster exploitation environment. Network edge devices, CMS, and open source software remained the most frequently targeted technology groups.
Related Happenings
Vulnerability exploitation overtakes credentials as top breach entry path
Target Trend
First: 20.05.2026 11:40
Last: 20.05.2026 11:40
Sources 1
About this happening:
**Vulnerability exploitation** became the top initial access vector for **data breaches** over the past year, displacing **compromised credentials** and signaling a major shift in...
Vulnerability exploitation overtakes credentials as top breach entry path
Target TrendAbout this happening: **Vulnerability exploitation** became the top initial access vector for **data breaches** over the past year, displacing **compromised credentials** and signaling a major shift in...
Verizon 2026 DBIR shows vulnerability exploitation as the top breach access trend in 2025
Target Trend
First: 20.05.2026 03:04
Last: 20.05.2026 03:04
Sources 1
About this happening:
**Vulnerability exploitation** became the leading breach access vector in **2025**, increasing compromise risk across **31,000 incidents** and **22,000+ confirmed breaches**. **Un...
Verizon 2026 DBIR shows vulnerability exploitation as the top breach access trend in 2025
Target TrendAbout this happening: **Vulnerability exploitation** became the leading breach access vector in **2025**, increasing compromise risk across **31,000 incidents** and **22,000+ confirmed breaches**. **Un...
NIST/NVD risk-based CVE enrichment change
Public Sector Action
First: 16.04.2026 15:43
Last: 16.04.2026 15:43
Sources 1
About this happening:
**NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
NIST/NVD risk-based CVE enrichment change
Public Sector ActionAbout this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
CISA KEV remediation lag is widening as exploit timelines shrink
Target Trend
First: 10.04.2026 17:01
Last: 10.04.2026 17:01
Sources 1
About this happening:
**CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...
CISA KEV remediation lag is widening as exploit timelines shrink
Target TrendAbout this happening: **CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...
AI-generated code is driving a rising CVE trend in March 2026
Target Trend
First: 26.03.2026 18:40
Last: 26.03.2026 18:40
Sources 1
About this happening:
**AI-generated code** is driving a rising **CVE** trend, with **35 disclosures in March 2026** showing a material increase in flaws across **public advisories and open-source proj...
AI-generated code is driving a rising CVE trend in March 2026
Target TrendAbout this happening: **AI-generated code** is driving a rising **CVE** trend, with **35 disclosures in March 2026** showing a material increase in flaws across **public advisories and open-source proj...
Timeline
-
21.01.2026 02:00 3 articles · 4mo ago
VulnCheck reports accelerating pre-disclosure KEV exploitation
Technical Analysis UpdateVulnCheck's State of Exploitation 2026 report found that 28.96% of known exploited vulnerabilities were exploited before public disclosure or on the day they were reported, up from 23.6% in 2024. The analysis identified first-time exploitation evidence for 884 vulnerabilities in 2025, with network edge devices such as firewalls, VPNs and proxies most frequently targeted at 191 KEVs, followed by content management systems at 163 KEVs and open source software at 129 KEVs. Operating systems were heavily affected by zero-day and one-day exploitation, while older vulnerabilities in developer tools, network devices and hardware also remained targets.
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00