CVE Trends to Watch: Real-World Risks to Telecom and Professional Services


Cybersecurity weaknesses span both software and hardware systems, creating numerous opportunities for exploitation. Among the most common access vectors leveraged by threat actors are phishing attacks and Common Vulnerabilities and Exposures (CVEs). When left unpatched, CVEs can pose significant risks to an organization’s systems, exposing sensitive data and operational assets to potential compromise.
Importantly, the threat extends beyond your own network. Third-party vendors also represent a critical point of vulnerability. If a vendor operates with an unpatched CVE or is affected by a zero-day exploit, your organization’s data could become collateral damage, subject to ransomware attacks, data breaches, or extortion tactics. Maintaining strong patch management practices and enforcing third-party risk assessments are essential for minimizing exposure.
Between 2023 and 2025, security researchers reported a 38% increase in Common Vulnerabilities and Exposures (CVEs), highlighting a sharp rise in publicly disclosed cybersecurity weaknesses across software and hardware systems. We expect 2025 to be no different. The rising number of CVEs represents a growing threat to organizations across all sectors; no entity is immune. From small businesses to global enterprises, every organization faces potential exposure if vulnerabilities are not promptly identified and addressed.
In this blog, we will dive into the CVE trends, the most targeted industries, and some of the biggest CVEs we witnessed.
What are CVEs?
A CVE, or Common Vulnerabilities and Exposures, is a standardized identifier for a known cybersecurity vulnerability. Each CVE entry assigns a unique label to a specific security flaw found in software or hardware.
This system is critical to cybersecurity because it provides a common language for identifying vulnerabilities, enabling consistent and clear communication among security teams, researchers, and vendors. By standardizing how vulnerabilities are referenced and discussed, it enhances coordination in addressing and mitigating threats across diverse systems and organizations, ultimately improving the efficiency and effectiveness of security operations.
By referencing the same CVE ID, stakeholders can ensure they are discussing and remediating the exact same issue, which is essential for timely and effective vulnerability management.
Zero-day CVEs
CVEs are commonly exploited by threat actors such as Advanced Persistent Threat (APT) groups, ransomware groups, malware groups, and general cyber criminals. A highly dangerous type of CVE is known as a zero-day. The term covers three related concepts:
- A zero-day vulnerability is a software flaw discovered by attackers before the vendor is aware of it. Since no patch is available at the time of discovery, exploitation attempts are often successful.
- A zero-day exploit refers to the specific code or technique used to take advantage of this vulnerability, often sold or traded on dark web marketplaces.
- A zero-day attack occurs when threat actors use a zero-day exploit to compromise a system—causing disruption, damage, or data theft before defenses can be deployed.
CVE trends by sector
According to findings in our 2025 State of the Underground report, the United States had the highest concentration of exposed devices affected by critical vulnerabilities, reflecting both the scale of connected infrastructure and targeting by malicious actors. The most affected sectors were:
- Information (including telecommunications providers)
- Professional, Scientific, and Technical Services (including software and cybersecurity vendors)
These sectors represent some of the most digitally connected and data-intensive industries, making them especially vulnerable to high-severity exploits and sophisticated threat activity.
The telecommunications sector experienced one of the highest concentrations of critical CVEs over the past year. Security researchers observed a notable rise in Advanced Persistent Threat (APT) group activity targeting telecommunications, likely driven by its designation as Critical Infrastructure and its strategic importance.
Telecommunications providers not only facilitate national and global communications, but they also store and manage vast amounts of Personally Identifiable Information (PII), making them particularly attractive targets for both state-sponsored and criminal threat actors.
Professional, Scientific, and Technical Services are frequently targeted for many of the same reasons as the telecommunications sector—chief among them being their access to high-value and sensitive information. Organizations in this sector often handle proprietary research, intellectual property, and confidential client data, which makes them especially appealing to threat actors. Additionally, these entities are often perceived as more likely to pay ransom demands to regain access to critical systems or prevent data leaks, further increasing their attractiveness as targets for financially motivated attacks.
Cyber attacks on telecommunication companies
In early 2025, security researchers identified five confirmed instances of compromised Cisco devices across multiple organizations throughout the world. Two of these attacks were on US-based telecommunication companies. These intrusions were attributed to the Chinese state-sponsored APT group known as Salt Typhoon, which has a history of targeting critical infrastructure and technology providers to gain persistent access and exfiltrate sensitive data. Salt Typhoon has reportedly targeted AT&T, Verizon, T-Mobile, and Lumen Technologies to access sensitive communications and law enforcement data. Between December 2024 and January 2025, researchers observed over 1,000 attempted intrusions by the Salt Typhoon APT group targeting unpatched Cisco edge devices.
These large-scale, coordinated efforts highlight the group's continued focus on exploiting known vulnerabilities in critical network infrastructure to gain initial access and establish long-term persistence within targeted environments. While newly discovered CVEs are generally heavily targeted, Salt Typhoon targeted older CVEs, including CVE-2023-20198 and CVE-2023-20273. Targeting older CVEs underscores the critical importance of continuous CVE tracking and timely patching. At Bitsight, we recommend that organizations, and their vendors, regularly assess their environments to ensure that known vulnerabilities are swiftly addressed.
Our Vulnerability Detection & Response solution enables you to proactively monitor and manage your own and your vendors' security posture, helping to ensure that neither you nor they are exposed to exploitable vulnerabilities that could pose a risk to your organization.
Cyber attacks on Professional, Scientific, and Technical Services
In June 2024, Bitsight TRACE researchers investigated a critical PHP vulnerability impacting organizations in the Professional, Scientific, and Technical Services sector. Tracked as CVE-2024-4577, the flaw received a maximum severity score of 10 on our Dynamic Vulnerability Exploit tool—indicating a high likelihood of exploitation by threat actors in the next 90 days. The Bitsight DVE Score is a predictive metric designed to assess the likelihood of a CVE being actively exploited. Unlike static scoring systems such as CVSS, the DVE Score incorporates real-time threat intelligence from underground forums and illicit marketplaces. It delivers comprehensive, end-to-end visibility into the CVE lifecycle—including exploitation likelihood, mapping to MITRE ATT&CK techniques, and early warning indicators of threat actor interest.
TRACE researchers also identified CVE-2024-23897, a critical Jenkins vulnerability disclosed in January 2024, and CVE-2024-3400, a high-impact Palo Alto Networks vulnerability reported in April 2024. Both vulnerabilities received a maximum DVE score of 10, signaling a strong likelihood of exploitation in the wild.
[Figure: Global footprint of CVE-2024-23897, from Bitsight's Groma Explorer]

Mitigation
Protecting yourself and your organization from vulnerabilities like CVEs requires a proactive and layered approach. Here are three foundational strategies:
- Continuous tracking: Maintain visibility into your digital environment by regularly scanning for vulnerabilities across all systems. Tools like Bitsight’s vulnerability detection and DVE Score can help you understand which threats are most likely to be exploited.
- Timely patching: Implement a robust patch management program to ensure vulnerabilities are remediated quickly. Prioritize patches based on exploitability and potential impact to minimize exposure.
- Staying informed: Stay current on the latest threats and trends. Leverage threat intelligence platforms and subscribe to CVE databases or security advisories to monitor new vulnerabilities as they’re disclosed.
By combining these efforts, organizations can significantly reduce their risk of compromise and strengthen overall cybersecurity resilience.
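As an added illustration of the patching and third-party points above (this is not Bitsight's code and does not reproduce its DVE scoring), the Python sketch below ranks a constructed findings list by exploitation evidence rather than by how recently a finding appeared. The watchlist restates only what this article says about each CVE; the tier ordering, field names, sample assets and placeholder CVE are assumptions.

```python
from dataclasses import dataclass

# Evidence per CVE, taken only from the article text:
#   "exploited" = intrusions described (Salt Typhoon, Cisco edge devices)
#   "likely"    = reported with a maximum DVE score of 10
WATCHLIST = {
    "CVE-2023-20198": "exploited",
    "CVE-2023-20273": "exploited",
    "CVE-2024-4577": "likely",    # PHP
    "CVE-2024-23897": "likely",   # Jenkins
    "CVE-2024-3400": "likely",    # Palo Alto Networks
}
TIER = {"exploited": 0, "likely": 1}  # assumption: observed use outranks predicted use

@dataclass(frozen=True)
class Finding:
    asset: str
    owner: str             # "internal" or a vendor name
    cve: str
    internet_facing: bool
    days_open: int         # days since the finding was first seen

# Constructed sample data (hypothetical assets; last CVE is a placeholder).
FINDINGS = [
    Finding("wiki-01", "internal", "CVE-PLACEHOLDER-0001", True, 5),
    Finding("ci-build-02", "internal", "CVE-2024-23897", False, 90),
    Finding("portal.vendor-a.example", "Vendor A", "CVE-2024-4577", True, 30),
    Finding("edge-rtr-01", "internal", "CVE-2023-20198", True, 410),
    Finding("edge-rtr-01", "internal", "CVE-2023-20273", True, 410),
]

def newest_first(findings):
    """Naive queue: most recent finding first. Old, exploited CVEs sink to the end."""
    return sorted(findings, key=lambda f: f.days_open)

def triage(findings):
    """Rank by exploitation evidence, then exposure, then time left unpatched."""
    def key(f):
        tier = TIER.get(WATCHLIST.get(f.cve), 2)   # unlisted CVEs go last
        return (tier, not f.internet_facing, -f.days_open)
    return sorted(findings, key=key)

def action(f):
    """Own assets get patched; vendor assets trigger third-party outreach."""
    return "patch" if f.owner == "internal" else f"vendor outreach: {f.owner}"

if __name__ == "__main__":
    for rank, f in enumerate(triage(FINDINGS), 1):
        print(rank, f.cve, f.asset, action(f))
```

On this sample the newest-first queue leaves the two 2023 Cisco findings at the bottom, while the evidence-based ranking puts them at the top and routes the vendor-hosted PHP finding to outreach instead of internal patching.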
How does Bitsight help?
Detection and prioritization
- Dynamic Vulnerability Exploit (DVE) Score: Bitsight's proprietary DVE Score predicts the likelihood of a CVE being exploited in the near future. By incorporating real-time threat intelligence from underground sources, it enables security teams to focus on vulnerabilities that pose the greatest risk to their organization.
- Vulnerability detection: Bitsight collects data from internet scans and, when necessary, deploys active probes to detect vulnerabilities in server software and applications. This approach helps identify exposed systems and assess immediate risk.
Mitigation and remediation
- Exposure detection & evidence certainty: Bitsight assesses a company's exposure to vulnerabilities and provides evidence certainty levels, indicating how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability. This information aids in prioritizing remediation efforts.
- Vulnerability detection & response: Bitsight's solution enables organizations to rapidly detect and respond to zero-day vulnerabilities impacting their third-party ecosystem. It simplifies vendor prioritization, outreach, and tracking, facilitating faster remediation.
Third-party risk management
- Continuous monitoring: Bitsight's Continuous Monitoring solution helps organizations continuously monitor and measure third-party security posture. It provides insights into vendor exposure to vulnerabilities, enabling proactive risk mitigation.
- Third-party vulnerability detection & response: Bitsight empowers organizations to take action on high-priority incidents by initiating vendor outreach and tracking responses to critical vulnerabilities through scalable templated questionnaires with tailored exposure evidence.