VulnCheck reports that software vulnerabilities are being weaponized rapidly, with a 16.5% increase in exploits linked to 10,500 CVEs in 2025, partly due to AI-generated proof-of-concept code. Less than 1% of vulnerabilities were exploited, complicating threat assessment for security teams. Notably, over 50% of ransomware CVEs were zero-days. Major vulnerabilities include React2Shell (236 exploits) and a Microsoft Sharepoint flaw (36 exploits).
Software Vulnerabilities Are Being Weaponized Faster Than Ever

