The 20 Most Exploited Vulnerabilities of 2025

Giulio Saggin
Wednesday 7 January 2026
SecAlerts

More than 48,000 new CVEs were disclosed in 2025, of which 7,100+ were rated critical. Major vulnerabilities such as React2Shell, MongoBleed and CitrixBleed 2, along with high-impact Android, Chrome and Windows exploits, dominated threat reports, with exploitation frequently occurring before patches were fully deployed.

The scale and sophistication of vulnerability exploitation underscored the fact that teams need to react as quickly as attackers, reinforcing why a vulnerability alert service is imperative as a first line of cyber defence.

Speed is of the essence when it comes to keeping software secure. Working in the background 24/7, SecAlerts saves security teams valuable time by matching vulnerabilities to their software as soon as the information is released, rather than relying solely on NVD and its often-lengthy delays. Teams can also filter out the noise and instantly receive, and take action against, threats relevant to them, without sifting through a mountain of information.

The 20 most exploited vulnerabilities of 2025 all appeared on SecAlerts as soon as the information was released. Each of these links includes affected software, versions, remedy information, reference links and more:

CVE-2025-55182, React2Shell: Critical unauthenticated RCE in React Server Components enables attackers to execute code via unsafe deserialization.

CVE-2025-32433, Erlang/OTP SSH RCE: Pre-authentication RCE in Erlang/OTP's SSH daemon allows attackers arbitrary code execution.

CVE-2025-59287, Microsoft WSUS Deserialization: Critical RCE triggered by unsafe deserialization in Windows Server Update Services.

CVE-2025-62221, Windows Cloud Files Driver: Use-after-free in Cloud Files Mini Filter Driver leads to privilege escalation.

CVE-2025-5777, CitrixBleed 2: Citrix NetScaler OOB read exposes sensitive memory and enables session hijacking.

CVE-2025-48384, Git Arbitrary File Write: Allows malicious files to be placed during Git repository operations.

CVE-2025-4664, Chrome Cross-Origin Leak: Chrome flaw exposing sensitive cross-origin content.

CVE-2025-10585, Chrome V8 Type Confusion: Type confusion in Chrome V8 enabling memory corruption and potential RCE.

CVE-2025-5086, DELMIA Apriso RCE: Unsafe deserialization enables remote code execution in industrial systems.

CVE-2025-53690, Sitecore ViewState RCE: ViewState deserialization flaw enabling remote execution.

CVE-2025-9242, WatchGuard Firebox OOB Write: OOB write in IKEv2 protocol enables full server compromise.

CVE-2025-12480, Gladinet Triofox Access Bypass: Improper access controls allow authentication bypass.

CVE-2025-6218, WinRAR Path Traversal: Path traversal enables arbitrary file extraction outside intended directories.

CVE-2025-48633, Android Info Disclosure: Android information leak via malformed request handling.

CVE-2025-48572, Android Privilege Escalation: Allows apps to escalate privileges on affected Android devices.

CVE-2025-14847, MongoBleed Heap Leak: Heap leak in MongoDB exposes sensitive memory.

CVE-2025-55183, React2Shell Info Leak: Server information disclosure flaw related to React2Shell.

CVE-2025-55184, React2Shell DoS: DoS condition affecting React Server Components.

CVE-2025-67779, React2Shell Residual DoS: Residual DoS caused by incomplete patching of React2Shell.

CVE-2025-6202, Phoenix DDR5 Rowhammer: DDR5 Rowhammer exploit enabling bit flips and privilege escalation.
