CISA KEV List Update Shows Sharp Increase in Actively Exploited Vulnerabilities
The Known Exploited Vulnerabilities (KEV) list is maintained by CISA to track software and hardware flaws that are actively exploited by cybercriminals. It helps organizations prioritize patching, reduce security risks, and strengthen overall cybersecurity preparedness.
The increasing number of security vulnerabilities that hackers actively exploit has prompted new concerns from the Cybersecurity and Infrastructure Security Agency (CISA). According to CISA, it is now monitoring 1,484 hardware and software vulnerabilities that have been used in real cyberattacks. This demonstrates the rapid evolution of cyberthreats and the importance of regular security updates.
During 2025 alone, CISA added 245 new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) list. Alarmingly, 24 of these flaws have been used in ransomware attacks, where criminals lock systems or steal data to demand payment. Since the KEV list was first made public in 2021, it has grown every year, but 2025 recorded the fastest expansion so far, with a growth rate of around 20 percent. Cybersecurity researchers note that after rapid growth in the early years, the KEV list had started to stabilize. However, the sharp rise in 2025 shows that attackers are continuing to find and exploit weaknesses at a faster pace. While many of the newly added flaws were discovered recently, CISA has also included older vulnerabilities that remain dangerous if left unpatched.
One example is a remote code execution vulnerability in Microsoft Office, initially disclosed in 2007, that was added to the KEV list in 2025. The catalog also contains older vulnerabilities, including a Windows-related flaw from 2002 linked to ransomware activity. These cases show that unpatched older systems continue to pose significant cybersecurity threats. Many widely used enterprise systems were hit by ransomware attacks last year. Vulnerabilities affecting Citrix and Oracle systems stood out for their significant consequences. Recent vulnerabilities in networking, communication, and business software products were extensively exploited, leaving organizations across several sectors exposed.
Analysis shows that attackers most often exploit weaknesses such as command injection, improper authentication, code injection, and path traversal flaws. These security gaps allow cybercriminals to bypass normal security controls and gain unauthorized access to systems. In many cases, such vulnerabilities enable attackers to run malicious commands, manipulate data, or move deeper into a network. If left unpatched, these flaws can be used as entry points for larger attacks, including data theft and ransomware, making them a serious risk for organizations of all sizes.
CISA advises federal agencies, businesses, and software developers to regularly monitor the KEV list. Staying aware of actively exploited vulnerabilities helps organizations prioritize patches, reduce cyber risk, and strengthen overall cybersecurity defenses in an increasingly hostile digital environment. Proactive vulnerability management, timely software updates, and regular security assessments are essential to prevent attacks before they occur. Building a culture of cybersecurity awareness also plays a key role in improving long-term security preparedness.
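As an added illustration of the KEV-based patch prioritization described above (not code from CISA or Security Week), the Python example below matches scanner findings against a KEV catalog and orders them with ransomware-linked entries first, then by days past the remediation due date. The catalog sample, CVE IDs, vendor, host names and date are constructed placeholders; only the field names follow CISA's published KEV JSON feed.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names follow the
# published catalog; CVE IDs, vendor and dates are placeholders, not real entries.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "Gateway",
   "dateAdded": "2025-03-10", "dueDate": "2025-03-31",
   "knownRansomwareCampaignUse": "Known", "cwes": ["CWE-78"]},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "Portal",
   "dateAdded": "2025-06-02", "dueDate": "2025-06-23",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-287"]},
  {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "FileShare",
   "dateAdded": "2024-11-05", "dueDate": "2024-11-26",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-22"]}
]}
""")

# Constructed scanner output: host -> CVE IDs detected on it.
FINDINGS = {
    "web-01": ["CVE-0000-0002", "CVE-0000-0009"],
    "file-02": ["CVE-0000-0001"],
    "legacy-03": ["CVE-0000-0003"],
}
TODAY = date(2025, 7, 1)  # constructed "current" date for the example

def triage(kev, findings, today):
    """Return KEV-listed findings: ransomware-linked first, then most overdue."""
    index = {v["cveID"]: v for v in kev["vulnerabilities"]}
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            entry = index.get(cve)
            if entry is None:
                continue  # not in KEV: leave to the normal patch cycle
            due = date.fromisoformat(entry["dueDate"])
            rows.append({"host": host, "cve": cve, "cwes": entry.get("cwes", []),
                         "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                         "overdue_days": max((today - due).days, 0)})
    rows.sort(key=lambda r: (not r["ransomware"], -r["overdue_days"], r["host"]))
    return rows

def added_in(kev, year):
    """Count (entries added in `year`, how many of those are ransomware-linked)."""
    hits = [v for v in kev["vulnerabilities"] if v["dateAdded"].startswith(f"{year}-")]
    return len(hits), sum(v["knownRansomwareCampaignUse"] == "Known" for v in hits)

if __name__ == "__main__":
    print("added in 2025 / ransomware-linked:", added_in(SAMPLE_KEV, 2025))
    for r in triage(SAMPLE_KEV, FINDINGS, TODAY):
        print(r)
```

The entry added in 2024 still ranks above the newer non-ransomware finding because it is further past its due date, which reflects the article's point that older unpatched flaws remain a live risk.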
This article is based on information from Security Week