2025 Q1 Trends in Vulnerability Exploitation | Blog | VulnCheck
In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild. In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild. The disclosure of known exploited vulnerabilities was from 50 different sources. We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure. This trend continues from a similar pace we saw in 2024. This demonstrates the need for defenders to move fast on emerging threats while continuing to burn down their vulnerability debt. Here are the key take-aways from our analysis and coverage of known exploited vulnerabilities: 159 KEVs were publicly disclosed in Q1-2025 28.3% of KEVs had exploitation evidence disclosed in 1-day of a CVE being published 25.8% of KEVs are still awaiting or undergoing analysis by NIST NVD 3.1% of KEVs have been assigned the new "Deferred" status by NIST NVD 2 KEVs reported publicly have reserved but unpublished CVEs 1 KEV reported is now rejected
