GreyNoise 2025 Mass Internet Exploitation Report

Attackers are getting quicker at exploiting newly found CVEs, with exploitation observed within hours of disclosure in 2024.

A majority of the most exploited vulnerabilities in 2024 targeted home internet routers, including customer-facing fiber modems

40% of vulnerabilities exploited in 2024 were from 2020 or earlier.

GreyNoise detected the exploitation of 29 vulnerabilities before they were added to CISA’s KEV catalog.

10% of vulnerabilities exploited in 2024 were from 2016 or earlier, with some dating back to the late 1990s, such as CVE-1999-0526.

28% of the CVEs added to CISA’s KEV catalog were leveraged by ransomware groups.