Less than 1% of software vulnerabilities were exploited in the wild over the past year, but those flaws are being weaponized faster and on a larger scale than ever before, according to a report released Wednesday by VulnCheck.
Researchers tracked more than 14,400 exploits linked to about 10,500 unique CVEs in 2025, representing a 16.5% increase from the prior year. A large percentage of that increase was linked to proof-of-concept code that was generated by AI.
Researchers cautioned that much of that AI-generated code was non-functional.
The results highlight the difficulties security teams have in prioritizing which threats are the most serious and need to be investigated. Threat groups are increasingly able to weaponize flaws before network defenders can apply security patches and take other mitigation measures.
“Defenders have long taken the availability of public exploit code as a significant risk signal,” Caitlin Condon, vice president, security research at VulnCheck, told Cybersecurity Dive.
Condon said the research shows that an overwhelming amount of AI-generated information is creating problems for defenders trying to judge which threats are legitimate and which can be ignored.
More than 50% of CVEs linked to ransomware were first identified as a result of a zero-day vulnerability.
React2Shell, tracked as CVE-2025-55182, was the top vulnerability of 2025, with 236 known exploits.
A Microsoft SharePoint vulnerability, tracked as CVE-2025-53770, had 36 known exploits.


