Report by Black Kite
2025 Supply Chain Vulnerability Report
6 FINDINGSPublished Apr 8, 2025
View Original Report →Key Findings
Over 4,400 of the disclosed CVEs in 2024 were classified as critical (CVSS 9.0+).
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsCVSSVulnerabilities
Over 20,000 of the disclosed CVEs in 2024 had a CVSS score of 7.0 or higher.
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsCVSSVulnerabilities
There was a 38% year-over-year increase in published CVEs.
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsVulnerabilities
Over 40,000 CVEs were disclosed in 2024.
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsVulnerabilities
A significant portion of vulnerabilities were weaponized within days of disclosure.
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsVulnerabilities
Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications
Black Kite2025 Supply Chain Vulnerability Report·Apr 8, 2025
CVEsVulnerabilitiesThird-party