N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation

N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.

Average Time to Exploit (TTE) declines year-by-year: 745 days in 2020, 518 days in 2021, 405 days in 2022, 296 days in 2023, 115 days in 2024, and 44 days in 2025.

In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.

Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).

The Lazarus threat actor group has over 40 distinct designations across the industry.

Exploit weaponization can occur in under 24 hours.

Most large organizations have accurate inventories for only about 25% of their total assets.