Rising Exploit Attacks Target Windows and Linux in 2025
New Kaspersky data reveals that more Windows and Linux users faced vulnerability exploits in the first half of 2025 compared to 2024. According to cve.org, the total number of vulnerabilities registered during this period also grew, with attackers increasingly using exploits to gain unauthorized system access.
An exploit is a type of malware that takes advantage of a bug or flaw in an application or operating system. It is often used to gain entry into systems without permission. Kaspersky research shows that exploits targeting critical operating system vulnerabilities reached 64% in Q2 2025, up from 48% in Q1. In comparison, third-party applications accounted for 29% of exploits, while browsers made up 7%.
Growth in Linux and Windows Exploit Cases
Linux users experienced a sharp rise in exploit encounters this year. In Q2 2025, the number of affected Linux users was more than 50 points higher than in Q2 2024. Furthermore, Q1 2025 showed nearly double the number of exploit cases compared to the same quarter in 2024.
Windows users also faced higher risks. There was a 25-point increase in exploit encounters in Q1 2025 compared to Q1 2024. Additionally, Q2 2025 showed an 8-point rise over Q2 2024. These figures highlight a consistent upward trend across both major operating systems.
Among the vulnerabilities exploited in advanced attacks, such as Advanced Persistent Threats (APTs), both new zero-day flaws and older, known vulnerabilities were common. Attackers often use these weaknesses to gain system access and escalate privileges. Alexander Kolesnikov, security expert at Kaspersky, said, “Attackers increasingly use methods to escalate privileges and exploit weaknesses in digital systems. As the number of vulnerabilities continues to grow, it is very important to constantly prioritize patching known vulnerabilities and use software that can mitigate post-exploitation actions. CISOs should counter the consequences of exploitation by searching for and neutralizing command and control implants that can be used by attackers on a compromised system.”
Surge in Vulnerabilities and Security Measures
According to cve.org, both the number of critical vulnerabilities and the overall CVEs surged in the first half of 2025. At the beginning of 2024, around 2,600 CVEs were registered each month. By comparison, 2025 has already seen over 4,000 monthly registrations, reflecting a sharp escalation in risks.
To stay secure in this evolving threat landscape, Kaspersky recommends several practices. Organizations should investigate vulnerability exploits only in secure virtual environments and ensure 24/7 monitoring with a focus on perimeter defenses. In addition, companies must maintain a strong patch management process by promptly installing security updates. Tools such as Vulnerability Assessment and Patch Management, and Kaspersky Vulnerability Data Feed can help automate this process.
Finally, deploying advanced security solutions is essential. Kaspersky suggests using platforms like Kaspersky Next to detect and block malicious software on corporate devices. Enterprises should also adopt solutions with incident response features, employee training, and an updated cyberthreat database. Together, these measures provide stronger resilience against the rising tide of exploits.
