New Research Shows the Vulnerability Exploitation Window is Shrinking Fast

Patch Windows Collapse: Exploitation Speed Doubles as Attackers Leverage AI

🔍 What Happened

The vulnerability exploitation window, the time between public disclosure of a flaw and the first observed cyberattack, has collapsed dramatically. According to Rapid7’s latest Cyber Threat Landscape Report, the median time-to-exploit for high- and critical-severity vulnerabilities has dropped to only 5 days. This sharp reduction means attackers are moving faster than ever to weaponise new vulnerabilities.

In 2025, the number of confirmed exploited high-severity vulnerabilities more than doubled compared to the previous year. At the same time, the median time from disclosure to inclusion on the CISA Known Exploited Vulnerabilities (KEV) list dropped from 8.5 to just 5 days.

This trend is driven by the industrialisation of cybercrime and the widespread use of AI tools, which enable threat actors to automate and accelerate both vulnerability discovery and exploitation.

⚠️ Why It Matters

The shrinking vulnerability exploitation window puts immense pressure on organisations of all sizes. As attackers exploit twice as many severe flaws in half the time, traditional patching cycles are no longer fast enough to keep up. Every patch release can act as a roadmap for cybercriminals, who now have the tools and incentive to reverse-engineer updates and create exploits within days.

This evolution is not just about zero-day vulnerabilities. Most attacks now target known vulnerabilities for which a patch already exists, so-called “n-day” bugs, where threat actors capitalise on delays in patch deployment. Even companies with robust security teams struggle to patch quickly enough to stay ahead of this accelerated threat landscape.

  • Industrialised cybercrime: Ransomware groups and brokers weaponise new vulnerabilities rapidly.
  • AI-powered attacks: Automated tools dramatically cut the time needed to create exploits.
  • Increased risk: A delayed patch can mean an open door for attackers.

✅ What To Do

To defend against attacks within this narrow vulnerability exploitation window, organisations must rethink patch management and vulnerability response strategies. Speed and automation are essential for effective risk management.

  • Adopt continuous vulnerability monitoring to detect and prioritise critical exposures in real time.
  • Automate patch deployment where possible, reducing manual bottlenecks.
  • Implement robust vulnerability management processes, including regular software inventory and threat intelligence integration.
  • Educate staff on the importance of rapid response to security advisories and alerts.
  • Work with trusted security partners to accelerate remediation and adopt best practices.

With the exploitation window now measured in days, a proactive and agile approach to vulnerability management is crucial for all modern organisations.
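As an added example (not part of this bulletin, the Rapid7 report or CyPro's own tooling), the following Python script shows one way to put the monitoring, inventory and threat-intelligence steps above into practice: it cross-references a software inventory against a CISA KEV-style feed and ranks every unpatched exposure using the 5-day median exploitation window cited in the report. The KEV records (with placeholder CVE identifiers of the form CVE-0000-0000x), the asset inventory and the "today" date are all constructed so the script runs offline; it also assumes the inventory already uses the same vendor and product names as the KEV feed, which in a real deployment needs a normalisation step.

```python
"""Prioritise patching by cross-referencing an asset inventory with the CISA
Known Exploited Vulnerabilities (KEV) catalogue.

Added example with constructed data. The embedded JSON mirrors the field
names of the live feed at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
but uses placeholder CVE ids.
"""
import json
from datetime import date

# Median disclosure-to-exploit window reported in the bulletin (days).
EXPLOIT_WINDOW_DAYS = 5

# Constructed KEV-style records (placeholder CVE ids, not real vulnerabilities).
SAMPLE_KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "EdgeGateway",
   "dateAdded": "2025-03-01", "dueDate": "2025-03-22", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor", "product": "MailRelay",
   "dateAdded": "2025-03-08", "dueDate": "2025-03-29", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor", "product": "NotInstalled",
   "dateAdded": "2025-03-09", "dueDate": "2025-03-30", "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed inventory. Assumption: vendor/product strings are already
# normalised to KEV naming; "patched_cves" records fixes already applied.
SAMPLE_INVENTORY = [
    {"host": "gw-01", "vendor": "ExampleVendor", "product": "EdgeGateway", "patched_cves": []},
    {"host": "gw-02", "vendor": "ExampleVendor", "product": "EdgeGateway", "patched_cves": ["CVE-0000-00001"]},
    {"host": "mx-01", "vendor": "ExampleVendor", "product": "MailRelay", "patched_cves": []},
]


def load_kev(raw_json):
    """Index KEV entries by (vendor, product), lower-cased for matching."""
    index = {}
    for entry in json.loads(raw_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index


def exposures(inventory, kev_index, today_iso):
    """Return one record per (host, CVE) that is listed in KEV and not yet
    patched, most urgent first."""
    today = date.fromisoformat(today_iso)
    results = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for entry in kev_index.get(key, []):
            if entry["cveID"] in asset["patched_cves"]:
                continue
            days_known = (today - date.fromisoformat(entry["dateAdded"])).days
            results.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "days_since_kev": days_known,
                # Past the median window, assume a working exploit is circulating.
                "past_exploit_window": days_known >= EXPLOIT_WINDOW_DAYS,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "past_due": today > date.fromisoformat(entry["dueDate"]),
            })
    # Order: known ransomware use first, then entries past the window, then oldest.
    results.sort(key=lambda r: (not r["ransomware"],
                                not r["past_exploit_window"],
                                -r["days_since_kev"]))
    return results


def report(results):
    """Render the prioritised list as fixed-width text, one exposure per line."""
    lines = []
    for r in results:
        flags = [name for name, on in (("RANSOMWARE", r["ransomware"]),
                                       ("PAST-WINDOW", r["past_exploit_window"]),
                                       ("PAST-DUE", r["past_due"])) if on]
        lines.append(f"{r['host']:<6} {r['cve']:<15} {r['days_since_kev']:>3}d {' '.join(flags)}")
    return "\n".join(lines)


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    print(report(exposures(SAMPLE_INVENTORY, kev, "2025-03-10")))
```

Run on a schedule against the live feed and a current inventory export, the "PAST-WINDOW" flag marks the exposures that the report's figures suggest should be treated as actively exploited rather than merely disclosed, which is the cue to escalate them ahead of the normal patch cycle.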

Originally reported by CSO Online.


About the Author


Jonny Pelter

Partner

  • CIPM
  • CIPP/E
  • CISSP
  • CISM
  • CRISC
  • ISO27001
  • Prince2
  • MSc
  • BSc


Jonny is a Founding Partner at CyPro and executive group level CISO who has worked closely with the British intelligence agencies NCSC and GCHQ.

An ex-professional rugby player and originating from KPMG and Deloitte, Jonny has a wealth of experience across numerous sectors including technology, critical national infrastructure, financial services, oil & gas, insurance, betting, pharmaceuticals and utilities.

Jonny is a leading cyber security expert in the UK, having featured on national media for his professional commentary such as BBC News, iPlayer, Telegraph and Times Radio.
