2025 forecast predicts a rise in global cyber threats

The Forum of Incident Response and Security Teams (FIRST) has released its 2025 Vulnerability Forecast, predicting a substantial increase in reported vulnerabilities with an estimated 45,505 Common Vulnerabilities and Exposures (CVEs) for the year.

The forecast reveals a significant 11% rise compared to 2024 and an almost fivefold increase from 2023, reflecting the escalating complexity of the global cyber threat landscape. According to data reported in the National Vulnerability Database (NVD), this dramatic surge demands that organisations refocus their strategies for risk prioritisation and mitigation.

"The number of reported vulnerabilities isn't just growing, it's accelerating," said Eireann Leverett, a key member of FIRST's Vulnerability Forecasting Team. "A combination of new players in the CVE ecosystem, evolving disclosure practices, new disclosure legislation in Europe, and a rapidly expanding attack surface is fueling this surge. Security teams can no longer afford to be reactive; they must anticipate and prioritise threats before they escalate."

Among the key findings in the 2025 forecast is a stable quarterly fluctuation, though threat actor activity and reporting trends may still influence disclosure rates. New contributors such as Linux and Patchstack have been noted for increasing the volume of disclosed vulnerabilities. Additionally, while memory safety vulnerabilities show a decline, cross-site scripting vulnerabilities are on the rise.

The forecast for 2026 suggests a continued upward trend, with a minimum of 51,299 CVEs anticipated, highlighting the ongoing challenges associated with vulnerability management.

Leverett attributes the rise in vulnerabilities to various factors including rapid technological advancements, policy changes in disclosure practices, and increasing geopolitical tensions. "More software, more vulnerabilities: The rapid adoption of open-source software and AI-driven vulnerability discovery has made it easier to identify and report flaws," Leverett explained.

Increased state-sponsored cyber activities also contribute to the exposure of more security weaknesses. Changes within the CVE ecosystem, such as adjustments in the assignment and reporting of vulnerabilities alongside funding challenges, have altered patterns of disclosure.

In response to these emerging threats, the report suggests organisations should transition from a reactive to a proactive approach in security management. This includes prioritising vulnerabilities based on risk rather than attempting widespread patching, optimising team resources, and engaging in predictive maintenance strategies.

Leverett emphasises the importance of refined risk assessment: "Use threat intelligence and predictive insights to identify vulnerabilities that pose the greatest danger. Consider not just the immediate risk but also how it evolves over time—factoring in the rate of vulnerability discovery, exploit creation, and exploitation prevalence."

Understanding and preparing for vulnerability reporting trends is also essential, with incident response teams advised to anticipate and manage the potential surges in vulnerability disclosures efficiently.

"Understanding the numbers is one thing, acting on them is what truly matters," Leverett concluded. "Organisations that use this data to guide their security planning can reduce exposure, mitigate risk, and stay ahead of attackers."

The FIRST 2025 Vulnerability Forecast employs a methodology based on historical data analysis, predictive time-series modelling, and disclosure trends from sources such as the NVD and MITRE CVE records, focusing exclusively on publicly reported vulnerabilities.