Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses.
Analysis Summary
# Vulnerability: 2025 CVE Landscape & Emerging AI Risks
## CVE Details
- **CVE ID:** Aggregate analysis of 48,196 CVEs (Focus on 241 KEVs)
- **CVSS Score:** Variable (High-to-Critical impact noted in KEVs)
- **CWE:** CWE-79 (XSS), CWE-89 (SQL Injection), CWE-502 (Deserialization)
## Affected Systems
- **Products:**
  - Network Infrastructure: Firewalls, VPNs, and Network Appliances.
  - AI Platforms: AutoGPT, Open WebUI, Ollama, vLLM, llama.cpp, LLaMA-Factory, MaxKB, Dify, LangChain.
  - ML Frameworks: PyTorch, TensorFlow, scikit-learn, XGBoost, Hugging Face, MLflow.
  - LLM Services: ChatGPT (OpenAI), Claude (Anthropic).
- **Versions:** Various; includes legacy systems with vulnerabilities dating back to 2007.
- **Configurations:** Systems lacking MFA; Internet-facing network appliances; unpatched legacy environments.
## Vulnerability Description
The 2025 landscape is characterized by a high volume of traditional software flaws (XSS, SQLi, and deserialization) that persist in modern applications. A significant trend is the emergence of vulnerabilities tied to the Model Context Protocol (MCP) and to LLMs specifically. Although the data shows a doubling of AI-related CVEs (330 in 2025), traditional CVE methodology still struggles to capture non-code flaws such as prompt injection, training data extraction, and model inversion attacks.
## Exploitation
- **Status:** Exploited in the wild (CISA KEV catalog grew by 241 entries in 2025). 39% of 2025's KEVs originated from older CVEs (2024 and earlier).
- **Complexity:** Low to Medium (Automated exploitation of common web flaws).
- **Attack Vector:** Network (Primarily targeting external-facing infrastructure).
## Impact
- **Confidentiality:** High (Data breaches via SQLi and AI training data extraction).
- **Integrity:** High (Web defacements and model manipulation).
- **Availability:** High (DDoS attacks and infrastructure compromise).
## Remediation
### Patches
- Organizations are advised to update all AI frameworks and network appliance firmware to the latest available vendor versions.
- Immediate attention is required for the 54 KEVs specifically targeting firewalls and VPNs.
### Workarounds
- **Microsegmentation:** Isolate legacy systems that cannot be patched.
- **Enhanced Monitoring:** Implement strict logging for infrastructure components.
- **MFA:** Enable Multi-Factor Authentication across all entry points to mitigate social engineering/lure-based attacks.
## Detection
- **Indicators of Compromise (SHA256):**
  - `96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974` (W32.Injector)
  - `9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507` (Win.Worm.Coinminer)
  - `5bb86c1cd08fe5e1516cba35c85fc03e503bd1b5469113ffa1f1b9e10897f811` (Win.Dropper.Suloc)
- **Detection Methods:** Regular asset inventory audits to identify "shadow" AI tools (e.g., Ollama, LangChain) and monitoring for unsolicited links related to high-profile geopolitical conflicts.
## References
- Cisco Talos Blog: hxxps[://]blog[.]talosintelligence[.]com/
- OWASP Top 10 for LLM: hxxps[://]genai[.]owasp[.]org/llm-top-10/
- MITRE ATLAS: hxxps[://]atlas[.]mitre[.]org/
- Talos File Reputation: hxxps[://]talosintelligence[.]com/talos_file_reputation