The number of CVE reports will continue to rise in 2025. There is now an average of 131 per day. The KEV list of critical vulnerabilities is growing explosively. The security situation is deteriorating, despite plans to diversify the system.
As threats increase, uncertainty arises about the future of the CVE system. The program is currently funded entirely by the US government, but alternative initiatives are emerging. ENISA’s EUVD and the Global CVE Allocation System (GCVE) are examples of these developments.
Although diversification can improve availability and resilience, fragmentation raises practical questions. Researchers and security professionals will soon no longer know where to report a vulnerability. Integrating and correlating vulnerability data from different sources with different identifiers will also become a challenge.
Upward trend continues
Figures for the first half of 2025 show that the increase in CVE publications is not a temporary phenomenon. Whereas 2024 saw an average of 113 CVEs per day, this year the rate is 131 reports per day. This development suggests that 2025 will exceed the record number of over 40,000 CVEs from 2024.
The diversity of suppliers is also increasing. The number of unique suppliers in the KEV list rose from 45 in the first half of 2024 to 61 this year. Network-related equipment accounts for a growing proportion of threats, rising from 22.5% to 25%.
Explosive growth of KEV vulnerabilities
Even more worrying is the steep increase in Known Exploited Vulnerabilities (KEVs). This list contains vulnerabilities that attackers actively exploit. The growth is not limited to the peak in March; there has been a sharp increase across the board.
On a positive note, the oldest CVEs added to the KEV list this year date back to 2017. In 2024, vulnerabilities from 2012 were still being added. Nevertheless, it remains worrying that vulnerabilities can go unnoticed for years, as was recently demonstrated by a sudo/chroot problem that existed for more than 12 years.