Report by Black Kite

2025 Supply Chain Vulnerability Report

6 FINDINGSPublished Apr 8, 2025
View Original Report →

Key Findings

Over 4,400 of the disclosed CVEs in 2024 were classified as critical (CVSS 9.0+).

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsCVSSVulnerabilities

Over 20,000 of the disclosed CVEs in 2024 had a CVSS score of 7.0 or higher.

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsCVSSVulnerabilities

There was a 38% year-over-year increase in published CVEs.

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsVulnerabilities

Over 40,000 CVEs were disclosed in 2024.

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsVulnerabilities

A significant portion of vulnerabilities were weaponized within days of disclosure.

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsVulnerabilities

Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications

Black Kite2025 Supply Chain Vulnerability Report·1y ago
CVEsVulnerabilitiesThird-party