ACCORDING to Google Threat Intelligence Group, the number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high last year, with GTIG tracking 90 zero-day vulnerabilities actively deployed in 2025. The findings exceed the 78 tracked during 2024 but fall short of the 100 zero days recorded in 2023.
The report notes that 43 (48%) of the 2025 zero-days targeted enterprise software and appliances, up from 36 (46%) in 2024, highlighting a shift towards enterprise infrastructure. Of the zero-days that targeted enterprise, almost half (21) targeted security and networking appliances, which are valued for potential code execution and wider network access.
End users remained the most common target, with 52% (47) of tracked zero-days used against end-user platforms and products, and operating systems bearing the majority of those targets (24, 27%), with Microsoft Windows being the most targeted OS. Browser-based zero-days reached a historic low at eight (9%), while nine zero-days were linked to financially motivated threat groups, including two ransomware operations. The report also noted ongoing activity by nation-state backed operations, particularly from China.