Increase in Zero-Day and One-Day Exploits in 2025

First reported

22.01.2026 14:45

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

In 2025, 28.96% of known exploited vulnerabilities (KEVs) were exploited before or on the day of public disclosure, up from 23.6% in 2024. VulnCheck identified 884 new vulnerabilities with evidence of exploitation, a 15% increase from 2024. Network edge devices, content management systems, and open-source software were the most targeted technologies. Time-to-exploitation patterns remained consistent with 2024, with operating systems being the most affected by zero-day and one-day exploits. Ransomware attribution continued to lag behind initial exploitation disclosure.

Timeline

22.01.2026 14:45 1 articles · 23h ago

2025 Sees 15% Increase in Exploited Vulnerabilities
In 2025, VulnCheck identified 884 new vulnerabilities with evidence of exploitation, marking a 15% increase from 2024. Network edge devices, content management systems, and open-source software were the most targeted technologies. Time-to-exploitation patterns remained consistent with 2024, with operating systems being the most affected by zero-day and one-day exploits.
Show sources

Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Open in new tab

Information Snippets

28.96% of KEVs were exploited before or on the day of public disclosure in 2025, up from 23.6% in 2024.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
VulnCheck identified 884 new vulnerabilities with evidence of exploitation in 2025, a 15% increase from 2024.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Network edge devices, including firewalls, VPNs, and proxies, were the most frequently targeted technologies with 191 KEVs identified.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Content management systems (CMS) and open-source software were also heavily targeted with 163 and 129 KEVs respectively.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Time-to-exploitation patterns in 2025 remained consistent with 2024, indicating stable and sustained attacker behavior.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Operating systems were most affected by zero-day and one-day vulnerability exploits, with nearly half of the KEVs impacting OS exploited before or just after public disclosure.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Old vulnerabilities, disclosed more than four years before exploitation, primarily targeted developer tools, network devices, and hardware.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45
Ransomware attribution continued to lag behind initial exploitation disclosure in 2025.
First reported: 22.01.2026 14:45

1 source, 1 article
Show sources
- Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure — www.infosecurity-magazine.com — 22.01.2026 14:45

Summary

Timeline

2025 Sees 15% Increase in Exploited Vulnerabilities

Information Snippets