heise PlusAbo

CISA catalog of attacked vulnerabilities grew by 20 percent in 2025

The US cybersecurity agency CISA maintains a catalog of exploited vulnerabilities. It grew somewhat faster in 2025.

listen Print view
CISA Logo

(Image: heise medien)

2 min. read
Security
By

The catalog of exploited vulnerabilities from the US cybersecurity agency CISA grew by around 20 percent in 2025. This accelerated the growth rate. Of the observed attacks on vulnerabilities, ransomware gangs exploited 24 of the vulnerabilities newly added in 2025.

This is reported by IT security researchers from the company Cyble in a blog post. The “Known Exploited Vulnerabilities” (KEV) catalog was launched in November 2021 and already recorded the thousandth security vulnerability registered as attacked in the fall of 2023. According to Cyble, after the initial peak at the launch of the KEV in 2023, there were 187 more security vulnerabilities added, followed by another 185 in 2024. In the past year, 2025, CISA has now registered 245 new security vulnerabilities as exploited in the wild -- a significant increase, thus increasing the scope of the KEV by 20 percent.

At the end of 2025, the catalog comprises a total of 1484 security vulnerabilities. The reports each year also include older vulnerabilities that have been known for a year or longer. The proportion is comparatively constant at about one-third of the newly added vulnerabilities of a year.

Vulnerabilities exploited by ransomware groups

CISA also notes for some security vulnerabilities that they have been exploited by ransomware groups. In 2025, CISA marked 24 of the newly registered vulnerabilities in this way. For example, the vulnerabilities “CitrixBleed 2” (CVE-2025-5777) or in the Oracle E-Business Suite (CVE-2025-61882, CVE-2025-61884) were attacked by the criminal online association Cl0p, which copied data from affected organizations and then extorted ransom from the victims.

Videos by heise

Cyble's IT researchers also provide a ranking of the most exploited vulnerabilities by manufacturer in 2025:

  1. Microsoft (39)
  2. Apple (9)
  3. Cisco (8)
  4. Fortinet (8)
  5. Google Chromium (7)
  6. Ivanti (7)
  7. Linux Kernel (7)
  8. Citrix (5)
  9. D-Link (5)
  10. Oracle (5)
  11. Sonicwall (5)

For administrators, CISA's “Known Exploited Vulnerabilities” catalog thus continues to be an important source for vulnerabilities that need to be patched quickly.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten