CISA's Catalog of Exploited Vulnerabilities Expands by 20% in 2025

The Cybersecurity and Infrastructure Security Agency (CISA) maintains a catalog of vulnerabilities that have been exploited in real-world cyber attacks. This catalog serves as a critical resource for cybersecurity professionals to prioritize vulnerability management and patching efforts. According to a report from heise.de, CISA's catalog of exploited vulnerabilities grew by 20% in 2025 compared to the previous year. However, the report does not provide specific details about the types of vulnerabilities included in this increase, such as Common Vulnerabilities and Exposures (CVEs) identifiers, nor does it indicate which sectors or industries were most affected by these vulnerabilities. The lack of technical details makes it challenging to assess the precise implications of this growth for the cybersecurity landscape. In general, an increase in the number of exploited vulnerabilities being tracked by CISA could reflect a variety of factors, including a rise in cyber threat activity, improved detection and reporting of exploited vulnerabilities, or changes in CISA's cataloging practices. Without additional context, it is not possible to determine the root causes of this increase or to provide targeted recommendations for cybersecurity professionals. Cybersecurity professionals should continue to monitor updates from CISA and other reliable sources for more detailed information about specific vulnerabilities and their potential impacts. In the meantime, maintaining robust vulnerability management practices, including timely patching and prioritizing known exploited vulnerabilities, remains a critical defense strategy against cyber threats.