Kaspersky Labs has published its Q2 2025 vulnerability analysis, revealing an alarming rise in both the number of vulnerabilities registered and their exploitation in the wild. The findings show that attackers continue to rely on well-known flaws in core platforms like Windows, Linux, and WinRAR, while also adapting to emerging technologies such as AI frameworks and low-code platforms.
The report highlights a steep rise in CVE registrations this year: “The number of registered vulnerabilities is clearly growing year-on-year, both as a total and for each individual month. For example, around 2,600 vulnerabilities were registered as of the beginning of 2024, whereas in January 2025, the figure exceeded 4,000.”

Critical CVEs (CVSS > 8.9) are also on the rise. Kaspersky notes that “the data for the first two quarters of 2025 shows a significant increase when compared to previous years.”
For Windows, long-exploited vulnerabilities in Microsoft Office’s Equation Editor remain dominant:
- CVE-2018-0802 – RCE in Equation Editor.
- CVE-2017-11882 – another Equation Editor RCE.
- CVE-2017-0199 – Word/WordPad exploit for system compromise.
Additionally, newer flaws are seeing active abuse:
- CVE-2023-38831 – WinRAR improper file handling.
- CVE-2025-24071 – Windows File Explorer flaw leaking NetNTLM credentials.
- CVE-2024-35250 – ks.sys driver code execution bug.
For Linux, attackers continue to exploit privilege escalation bugs:
- CVE-2022-0847 (Dirty Pipe)
- CVE-2019-13272
- CVE-2021-22555 – a Netfilter heap overflow using msg_msg primitives to trigger UAF.
Kaspersky emphasizes: “It’s critically important to install security patches for the Linux operating system, as it’s attracting more and more attention from threat actors each year – primarily due to the growing number of user devices running Linux.”
Kaspersky’s telemetry shows advanced persistent threat (APT) groups exploiting both new zero-days and older CVEs. The report warns: “Low-code/no-code development tools were at the top of the list, and a vulnerability in a framework for creating AI-powered applications appeared in the TOP 10.”
This highlights how attackers are quick to weaponize vulnerabilities in new development ecosystems while continuing to rely on tried-and-tested entry points.
The report details the most popular C2 frameworks leveraged by attackers in 2025: Sliver, Metasploit, Havoc, and Brute Ratel C4. These tools integrate exploits “out of the box,” providing post-compromise capabilities.
Exploited vulnerabilities tied to C2 frameworks include:
- CVE-2025-31324 – SAP NetWeaver RCE (CVSS 10.0).
- CVE-2024-1709 – ConnectWise ScreenConnect auth bypass (CVSS 10.0).
- CVE-2025-33053 – Windows LNK file handling flaw leading to RCE.
As Kaspersky concludes, “Attackers are increasingly customizing their C2 agents to automate malicious activities and hinder detection.”
Among the standout CVEs covered in the report:
- CVE-2025-32433 – Erlang/OTP SSH server flaw allowing unauthenticated remote command execution.
- CVE-2025-6218 – WinRAR directory traversal flaw, similar to CVE-2023-38831.
- CVE-2025-3052 – UEFI NVRAM flaw allowing Secure Boot bypass.
- CVE-2025-49113 – Insecure deserialization in Roundcube Webmail, exploitable post-authentication.
Kaspersky’s Q2 2025 report underscores a cybersecurity reality: the volume of vulnerabilities is increasing, exploitation remains widespread, and attackers are adapting to new technologies just as quickly as enterprises adopt them.
As the report advises: “To protect systems, it’s critical to regularly prioritize the patching of known vulnerabilities and use software capable of mitigating post-exploitation damage.”