The Securelist piece on Exploits and vulnerabilities in Q4 2025 notes that the fourth quarter was one of the most intense periods for high-profile vulnerability disclosures, with many flaws exploited in the wild soon after disclosure. It highlights exploits targeting Microsoft Office products on Windows, while also detailing repeated use of archiver vulnerabilities in WinRAR, including CVE-2023-38831, CVE-2025-6218 and CVE-2025-8088.
Notable vulnerabilities publicly described in Q4 include React2Shell (CVE-2025-55182), a vulnerability in React Server Components, and CVE-2025-54100, a command injection issue involving curl or Invoke-WebRequest, along with others such as CVE-2025-11001 in 7-Zip and CVE-2025-49844 in Redis. The report also covers older flaws like Zerologon (CVE-2020-1472) and PrintNightmare (CVE-2021-34527) appearing in APT attacks, and notes a surge in Linux exploit attempts driven by the growth of Linux-based consumer devices.
It stresses that the exploitation of fresh vulnerabilities in APT attacks is driven by the need for rapid access and that Linux and Windows are both prominent targets, with a marked increase in Linux activity in Q4.