This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries and mainstream applications. Several of these vulnerabilities were picked up by attackers and exploited in the wild almost immediately. In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged with popular C2 frameworks throughout Q4 2025. Statistics on registered vulnerabilities This section contains statistics on registered vulnerabilities. The data is taken from cve.org . Let’s take a look at the number of registered CVEs for each month over the last five years, up to and including the end of 2025. As predicted in our last report , Q4 saw a higher number of registered vulnerabilities than the same period in 2024, and the year-end totals also cleared the bar set the previous year. Total published vulnerabilities by month from 2021 through 2025 ( download ) Now, let’s look at the number of new critical vulnerabilities (CVSS > 8.9) for that same period. Total number of published critical vulnerabilities by month from 2021 to 2025< ( download ) The graph shows that the volume of critical vulnerabilities remains quite substantial; however, in the second half of the year, we saw those numbers dip back down to levels seen in 2023. This was due to vulnerability churn: a handful of published security issues were revoked. The widespread adoption of secure development practices and the move toward safer languages also pushed those numbers down, though even that couldn’t stop the overall flood of vulnerabilities. Exploitation statistics This section contains statistics on the use of exploits in Q4 2025. The data is based on open sources and our telemetry. Windows and Linux vulnerability exploitation In Q4 2025, the most prevalent exploits targeted the exact same vulnerabilities that dominated the threat landscape thr