2025 vulnerability summary by Jerry Gamblin

Published by Olle Johansson on

Jerry Gamblin has published a blog post summarising the year of 2025 in the CVE program. Some facts from his excellent blog post:

  • Number of CVEs: 48185 – a 20% growth from the year before
  • Total number of CVEs since start: 308 920
  • Active CVE Numbering Authorities (CNAs): 365
  • Busiest day: February 26 with 793 registred CVEs

The largest number of CVEs is registered for the Linux Kernel. Second in place is the WordPress eco system, which is an important change.

But the matching part is missing. Jerry notices that only 57% of the CVEs has a CPE. This is a huge problem for all vulnerability management systems, with or without a Software Bill of Materials. With almost 50 thousand CVEs – with an average of 132 per calendar day – automation is needed and it will not work without proper identifiers.

Read Jerry’s blog to get the full report!

Categories: BlogsCVE program
Tags:

Related Posts

Blogs

GVIP Summit Speaker: Philippe Ombredanne

Organising a conference can be stressful. Fixing the hotel, making decisions about food, microphones, rollups, badges and… so much details. And then we have the speakers. Trying to get the information needed for the agenda, Read more

Alexandre Delaunay, CIRCL
Blogs

GVIP Summit Speaker: Alexandre Dulaunoy

Alexandre is a Security Researcher and Head of CIRCL in Luxembourg. In the GVIP summit, he will talk about the GCVE project and the open-source Vulnerability Lookup project. The Global CVE (GCVE) allocation system is a new, Read more

Yogesh Mittal, Red Hat
Blogs

GVIP Summit Speaker: Yogesh Mittal, Red Hat

Yogesh is a PSIRT Manager at Red Hat, where he specializes in the organizational design of global vulnerability ecosystems. His talk is titled: “Designing the Hierarchy of Trust: Governance Lessons from a CVE Root and Read more