Jump to content
  • Sign Up
×
×
  • Create New...
New feature: 1 Vote = 0.10€ for server Owner!

CVE volumes head towards 50,000 in 2025, analysts claim

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

CVE volumes head towards 50,000 in 2025, analysts claim

A heady mixture of converging trends is likely to cause the volume of disclosed

This is the hidden content, please
(CVEs) to hit at least 45,000 – and possibly even as high as 50,000 – during 2025, setting a new world record.

This is according to the

This is the hidden content, please
(First), a security non-profit organisation based in North Carolina in the US, which said this figure was about 11% higher than in 2024, and almost six times higher in 2023. It said this underscores the growing complexity of the security landscape, and means organisations must start to think more about their risk prioritisation and mitigation strategies.

“The number of reported vulnerabilities isn’t just growing, it’s accelerating,” said 

This is the hidden content, please
, First liaison and lead member of its Vulnerability Forecasting Team. “Security teams can no longer afford to be reactive; they must anticipate and prioritise threats before they escalate.”

First’s analysts attributed this surge to a number of factors – shifting technological mores, disclosure policy changes and worldwide geopolitical chaos among them.

“A combination of new players in the CVE ecosystem, evolving disclosure practices, new disclosure legislation in Europe, and a rapidly expanding attack surface is fuelling this surge,” said Leverett.

Most importantly, on the tech side, the rapid adoption of open source software (OSS) and the use of artificial intelligence (AI) tools to aid in vulnerability discovery was surfacing more flaws, and making it easier to spot them.

Added to this, new contributors to the CVE ecosystem, such as Linux and Patchstack, are also having an effect on discovery volumes, and updates to how vulnerabilities are assigned and reported – coupled with some funding challenges – are altering disclosure patterns.

And a growing amount of state-sponsored cyber activity by government-run actors – often but not necessarily always

This is the hidden content, please
– is leading to more weaknesses being uncovered and exploited.

In terms of the types of CVEs being seen, First noted that memory safety vulnerability volumes are currently declining, while conversely, cross-site scripting (XSS) vulnerabilities seem to be on the up.

Looking ahead, Leverett said he anticipated further growth in 2026, with an estimated minimum volume of just under 51,300 CVEs expected to surface.

Vulnerability management a big challenge for cyber pros

He said this emphasised the long-term challenges around vulnerability management best practice, and advised defenders to try to think about such things more strategically, rather than merely reacting to disclosures.

What this means in practice is that security pros should prioritise vulnerabilities that pose the greatest risk of exploitation – using threat intel and predictive insights – rather than trying to patch everything everywhere all at once. At the same time, teams and resources can and should be scaled appropriately to optimise roll-out, and attack surface management. Planning here is key, said Leverett, and leaders should try to find ways of predicting patch “effort” in advance, including needed downtime.

It may also be a good idea to prepare for changing disclosure trends, trying to anticipate surges in reports – this can be easily done around

This is the hidden content, please
’s Patch Tuesday, although it may prove more challenging in general – and allocating resources based on this.

It is far more important, said Leverett, to understand how a sequence of vulnerabilities might hit the organisation – and impact the security team’s work, rather than constantly being on the lookout for the next ****** swan vulnerability, like Citrix Bleed or Log4Shell.

“Understanding the numbers is one thing, acting on them is what truly matters,” he said. “Organisations that use this data to guide their security planning can reduce exposure, mitigate risk and stay ahead of attackers.” 



This is the hidden content, please

#CVE #volumes #analysts #claim

This is the hidden content, please

This is the hidden content, please

0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept