In Q1 2025, 159 CVEs were exploited in the wild, up from 151 in Q4 2024. VulnCheck reported that 28.3% (45 CVEs) were exploited within 1 day of disclosure, highlighting a rapid weaponization trend. The most affected technologies included CMS platforms (35 CVEs), network edge devices (29), and operating systems (24). Major exploited products included Microsoft Windows (15) and Broadcom VMware (6).

CISA added 80 KEVs, but only 12 had no prior exploitation evidence. 25.8% of CVEs are still pending NVD analysis, while 3.1% received a "Deferred" status.

According to the 2025 Verizon DBIR, vulnerability exploitation as an initial access vector grew by 34%, now making up 20% of intrusions. Mandiant also confirmed that exploits remain the top infection method, with stolen credentials now more common than phishing.

‍