A new analysis by the Forum of Incident Response and Security Teams (FIRST) predicts that reported cybersecurity vulnerabilities will reach nearly 50,000 in 2025, an 11% increase from 2024 and a 470% rise from 2023. The surge stems from AI-driven vulnerability discovery, the expansion of open-source software, and increased state-sponsored cyber activity. The report emphasizes the need for organizations to adopt proactive risk management strategies, prioritizing vulnerabilities by risk and planning patching efforts efficiently.
The analysis highlights the role of contributors like Patchstack in the CVE ecosystem, whose work is leading to more vulnerabilities being reported, particularly in platforms like WordPress. FIRST advises organizations, especially small to medium-sized enterprises and large corporations, to anticipate increased demands on IT resources and to review risk management processes and SLAs with third-party IT suppliers. The forecast suggests that proactive risk management is crucial as cybersecurity risks continue to rise, with over 51,000 vulnerabilities expected by 2026.
Key takeaways:
Vulnerabilities are increasing – FIRST predicts up to 50,000 CVEs in 2025, an 11% rise from 2024 and a 470% increase from 2023.
AI and open-source adoption are driving more vulnerability disclosures.
State-sponsored cyber activity is exposing more security weaknesses.
Shifting from reactive to proactive security is essential for managing risks.