1 min read

Google TIG: 90 Zero-Days Exploited in 2025, Enterprise Tech Hits All-Time High

Canopy Security
Google Threat Intelligence Group report showing 90 zero-day vulnerabilities exploited in 2025, with enterprise tech at an all-time high

Google's Threat Intelligence Group documented 90 zero-day vulnerabilities actively exploited in 2025, nearly reaching 2023's record of 100 and exceeding 2024's total of 78. Enterprise software and appliances were targeted by 43 of those zero-days — an all-time high at 48% of all attacks — with security and networking edge devices accounting for nearly half of enterprise-targeted bugs. China-linked espionage groups exploited the highest number of attributed enterprise tech zero-days, while commercial surveillance vendors (CSVs) such as NSO Group and Candiru led attribution for the first time since tracking began.

Key Takeaways

  • Google TIG tracked 90 zero-days exploited in 2025 (up from 78 in 2024); 43 targeted enterprise software and appliances — an all-time high; security and networking edge devices accounted for 21 of those 43
  • Of 42 attributed zero-days: 15 exploited by commercial surveillance vendors (CSVs) + 3 likely CSVs; 12 by state-sponsored espionage (7 China-linked); 9 by financially motivated cybercriminals — CSVs outnumbered state actors in total attribution for the first time
  • Microsoft saw the most total zero-days exploited in 2025; Google (11) and Apple (8) round out the top three; China-nexus groups focused heavily on edge device exploitation across routers, switches, and gateways

Original source: The Register / Google GTIG