The latest Exploits and Vulnerabilities Report from Kaspersky paints a stark picture of today’s cybersecurity landscape: more users are facing exploits in both Linux and Windows systems in 2025 than in 2024. While Windows continues to be the prime target due to its ubiquity, Linux is increasingly under fire, and even macOS, often seen as a safer platform, is showing signs of becoming more attractive to attackers.

CVEs Keep Climbing: A Growing Attack Surface

According to data from cve.org, the number of registered vulnerabilities has exploded:

  • In early 2024, around 2,600 CVEs were registered per month.
  • In 2025, that figure now exceeds 4,000 CVEs per month.

This increase also includes a sharp rise in critical vulnerabilities (CVSS > 8.9), giving threat actors more opportunities to compromise systems.

Kaspersky’s telemetry shows that in Q2 2025, 64% of exploits targeted operating systems, 29% targeted third-party applications, and 7% targeted browsers.

Windows: Old Exploits Still Going Strong

Microsoft Windows remains the most heavily exploited platform, partly due to long-lived vulnerabilities that attackers continue to weaponize:

  • CVE-2018-0802 & CVE-2017-11882 (Equation Editor, Microsoft Office) – Remote code execution flaws still widely abused.
  • CVE-2017-0199 – Office/WordPad vulnerability enabling full system compromise.
  • CVE-2023-38831 (WinRAR) – Exploiting archive handling, a favorite entry point for attackers.
  • CVE-2025-24071 (Windows Explorer) – Enables theft of NetNTLM credentials.

The persistence of these exploits underlines a critical patch management gap in enterprises, where outdated software remains exposed.

Linux: A Rising Target

Linux is no longer the “less interesting” option for attackers. The number of Linux users encountering exploits in Q2 2025 was over 50% higher than in Q2 2024.

The most active vulnerabilities include:

  • CVE-2022-0847 (Dirty Pipe): Privilege escalation flaw.
  • CVE-2019-13272: Mismanagement of privilege inheritance.
  • CVE-2021-22555: Heap overflow in Netfilter leading to Use-After-Free exploitation.

The rise of Linux in servers, IoT, and cloud environments makes it increasingly attractive for APT groups and ransomware operators.

macOS: Still Safer, but No Longer Ignored

While Kaspersky’s report focuses primarily on Windows and Linux, industry experts note that macOS is slowly becoming a target for more sophisticated exploits. Attackers are particularly interested in:

  • Privilege escalation flaws in macOS kernel extensions.
  • Vulnerabilities in popular cross-platform apps (e.g., browsers, productivity tools) running on macOS.
  • Supply chain attacks targeting developers who heavily rely on macOS for building iOS and cross-platform software.

Although Apple’s security model, with its sandboxing and frequent updates, still offers stronger baseline protection, the growing popularity of macOS in enterprise and development environments means attackers are taking note.

APTs and C2 Frameworks

The report also highlights that Advanced Persistent Threat (APT) groups are increasingly pairing exploits with C2 frameworks such as Metasploit, Sliver, Havoc, and Brute Ratel C4. These tools allow attackers to automate post-exploitation activities, making it easier to escalate privileges and maintain persistence.

Notable CVEs tied to APT activity in H1 2025 include:

  • CVE-2025-31324 (SAP NetWeaver, CVSS 10.0).
  • CVE-2024-1709 (ConnectWise ScreenConnect, CVSS 10.0).
  • CVE-2025-33053 (Windows LNK, remote code execution).

Implications for Enterprises

The lesson is clear: exploits remain a top threat vector, and organizations must adapt their defenses. Recommendations include:

  • Accelerated patch management for both OS and third-party apps.
  • Deployment of EDR/XDR solutions to detect anomalous behavior.
  • Continuous monitoring of both internal and external infrastructure.
  • Threat intelligence programs to anticipate and respond to APT activity.

Kaspersky’s Alexander Kolesnikov sums it up:

“The sharp rise in critical CVEs and active exploits shows that attackers don’t always need new techniques: they just need unpatched systems. Patch management is no longer optional, it’s strategic.”


FAQ – Exploits and Vulnerabilities in 2025

1. Why do attackers still succeed with old exploits?
Because many organizations fail to patch quickly. Legacy systems, lack of resources, or fear of downtime often leave well-known vulnerabilities open for years.

2. Is Linux now as vulnerable as Windows?
Not quite. Linux is still considered more robust, but its increased use in cloud, IoT, and critical infrastructure makes it a bigger target every year.

3. What about macOS security?
macOS remains less targeted, but this is changing. Developers and enterprises using macOS are increasingly facing tailored attacks, especially via third-party software or supply chain compromises.

4. How can organizations defend themselves effectively?

  • Prioritize patching critical vulnerabilities.
  • Use EDR/XDR solutions with behavioral analytics.
  • Continuously monitor endpoints and network traffic.
  • Train staff against phishing and social engineering, since many exploits are delivered via malicious documents.