The severity is CRITICAL due to the high number of zero-days affecting enterprise technologies, which pose a significant risk. The real-world exploitability is confirmed with many exploits linked to state-sponsored actors and commercial surveillance vendors.
Google's Threat Intelligence Group reported that 90 zero-day vulnerabilities were exploited in 2025, with nearly half targeting enterprise technologies. Microsoft, Google, Apple, and Cisco are among the most affected vendors, with a significant number of exploits linked to state-sponsored actors like UNC5221 and UNC3886.
Affected Systems
- Microsoft products
- Google services
- Apple devices
- Cisco networking equipment
Remediation
- Apply the latest security updates for all affected Microsoft, Google, Apple, and Cisco products.
- Monitor network traffic for signs of exploitation targeting security appliances and edge devices.
- Enable additional logging and monitoring on enterprise software to detect unauthorized access.
Stack Impact
This affects a wide range of enterprise technologies including networking and cybersecurity appliances from vendors like Microsoft, Google, Apple, and Cisco.