
Rapid7 Report: Exploited Software Flaws More Than Doubled in 2025

3 min read · Verified by 4 sources

Key Takeaways

  • A new report from Rapid7 reveals that the number of high and critical software vulnerabilities being actively exploited surged by over 100% in 2025.
  • This trend is driven by threat actors significantly compressing the time between a flaw's public disclosure and the launch of active attacks.


Key Facts

  1. Exploited high and critical software flaws increased by over 100% in 2025.
  2. The disclosure-to-attack window has significantly compressed, often to less than 24 hours.
  3. Attackers are prioritizing high-severity flaws that offer administrative access or data exfiltration.
  4. Edge devices and third-party software remain the most targeted vectors for initial access.
  5. Rapid7's report emphasizes the shift from zero-day hunting to rapid N-day exploitation.

Who's Affected

  • Rapid7 (company): positive
  • Enterprise IT Teams (company): negative
  • Edge Device Vendors (technology): negative

Analysis

The cybersecurity landscape underwent a seismic shift in 2025 as the volume of exploited high and critical software vulnerabilities more than doubled compared to the previous year. According to the latest research from Rapid7, this surge is not just a statistical anomaly but a reflection of a fundamental change in how threat actors operate. The primary driver behind this escalation is the dramatic compression of the disclosure-to-attack window—the period between a vulnerability becoming public knowledge and its active exploitation in the wild.

In previous years, organizations often had a grace period of days or even weeks to test and deploy patches. However, the 2025 data suggests that this window has effectively collapsed. Attackers are now leveraging automated scanning and AI-assisted exploit development to weaponize new vulnerabilities within hours of their announcement. This N-day exploitation cycle has become so efficient that it often outpaces the internal change management processes of even the most sophisticated enterprises. The report highlights that high and critical flaws are being prioritized by attackers because they offer the path of least resistance to sensitive data and administrative control.
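The gap the report describes, between the disclosure-to-exploitation window and an organization's patch SLA, can be measured directly. The following is an added example, not code from Rapid7 or this article: it takes constructed vulnerability records (placeholder CVE ids and dates), a hypothetical SLA table, and an assumed rule that edge devices get half the normal window, and lists the flaws attackers reached before the SLA would have patched them.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

@dataclass
class VulnRecord:
    cve: str                             # identifier (placeholder values below)
    severity: str                        # "critical", "high", "medium", "low"
    asset_class: str                     # "edge", "server", "endpoint"
    disclosed: datetime                  # public disclosure time (UTC)
    first_exploited: Optional[datetime]  # first observed in-the-wild exploitation, or None

# Constructed sample records: CVE ids and dates are placeholders, not report data.
SAMPLE = [
    VulnRecord("CVE-0000-0001", "critical", "edge", datetime(2025, 3, 1, 9), datetime(2025, 3, 1, 20)),
    VulnRecord("CVE-0000-0002", "high", "server", datetime(2025, 3, 2, 9), datetime(2025, 3, 6, 9)),
    VulnRecord("CVE-0000-0003", "medium", "endpoint", datetime(2025, 3, 3, 9), None),
]

# Hypothetical patch SLA per severity, in hours from disclosure (an assumption, not a standard).
SLA_HOURS = {"critical": 24, "high": 72, "medium": 720, "low": 2160}

def exposure_window_hours(rec: VulnRecord) -> Optional[float]:
    """Hours from public disclosure to first observed exploitation; None if not yet exploited."""
    if rec.first_exploited is None:
        return None
    return (rec.first_exploited - rec.disclosed).total_seconds() / 3600.0

def effective_sla_hours(rec: VulnRecord, sla: dict = SLA_HOURS) -> float:
    """Patch SLA for this record; edge devices get half the window (assumed policy)."""
    base = sla.get(rec.severity, sla["low"])
    return base / 2 if rec.asset_class == "edge" else base

def outpaced_by_attackers(records, sla: dict = SLA_HOURS) -> List[Tuple[str, float, float]]:
    """Return (cve, observed_window_hours, sla_hours) for flaws exploited faster than the SLA."""
    out = []
    for rec in records:
        window = exposure_window_hours(rec)
        limit = effective_sla_hours(rec, sla)
        if window is not None and window < limit:
            out.append((rec.cve, window, limit))
    return out

if __name__ == "__main__":
    for cve, window, limit in outpaced_by_attackers(SAMPLE):
        print(f"{cve}: exploited after {window:.0f}h, patch SLA is {limit:.0f}h")
```

Any record returned by outpaced_by_attackers is one where the SLA alone cannot close the window and an interim mitigation (virtual patch, access restriction) is needed.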

The industry context for this trend is particularly concerning. As organizations increasingly rely on a complex web of cloud services, edge devices, and third-party software, the attack surface has expanded beyond the traditional perimeter. Rapid7’s findings indicate that edge technologies—such as VPNs, firewalls, and load balancers—have become primary targets. These devices often sit outside the standard visibility of endpoint detection tools, making them ideal entry points for initial access. The doubling of exploited flaws suggests that attackers are no longer just looking for zero-days but are finding immense success in the rapid exploitation of known, high-impact vulnerabilities that remain unpatched.

What to Watch

For cybersecurity leaders, the implications are clear: the traditional Patch Tuesday model is increasingly obsolete. The sheer volume of critical flaws requiring immediate attention is leading to widespread patch fatigue among IT and security teams. This creates a dangerous gap where organizations must choose between the risk of system instability from rapid patching and the risk of catastrophic breach from delayed action. The market impact of this trend is already visible in the increased demand for exposure management and automated remediation technologies. Companies like Rapid7, Tenable, and Qualys are pivoting their platforms to provide more than just vulnerability scanning; they are now focused on vulnerability intelligence that helps teams prioritize which flaws are most likely to be exploited in their specific environment.

Looking ahead, the trend of compressed attack windows is expected to accelerate. As generative AI tools become more integrated into the toolkits of both state-sponsored actors and cybercriminal syndicates, the time to exploit will likely shrink even further. Experts suggest that the next frontier in defense will be autonomous patching and the use of AI-driven defensive agents that can apply temporary mitigations or virtual patches at the network level before a permanent software fix can be deployed. The 2025 data from Rapid7 serves as a stark warning that the speed of defense must now match the speed of the adversary to prevent a total breakdown in digital trust.

Sources

Based on 4 source articles

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.