Year-End Surge: Old Vulnerabilities Persist, React2Shell Dominates Attacks
Cyber Threat Intelligence’s year-end review highlights a persistent battle against aging vulnerabilities, with Log4j and PHPUnit continuing to plague infrastructure. However, the final weeks of 2025 saw a dramatic shift as React2Shell surged to become the most targeted vulnerability for the entire year. This rapid rise, even in the closing moments of the year, underscores a critical challenge for defenders: the shrinking window between vulnerability disclosure and widespread exploitation.
According to Cyber Threat Intelligence, the increasing sophistication of agentic AI has significantly lowered the time-to-exploit, making it harder for organizations to patch systems before they are targeted. The report notes that “Newly disclosed vulnerabilities in widely deployed software can generate significant, organization-wide impact long before typical patch cycles catch up, leaving defenders with small reaction windows and escalating consequences for even short-lived exposure.”
The analysis also points to outdated infrastructure as a prime target. Embedded components like PHPUnit and Log4j, often deeply integrated into legacy applications, expand the attack surface. Cyber Threat Intelligence emphasizes that “Low-use systems in a network can fossilize, unnoticed and unpatched,” while other critical systems become too entrenched to update without risking organizational instability. Attackers are specifically targeting software and firmware within network appliances and identity management systems.
What This Means For You
- Prioritize a robust vulnerability management program that includes continuous discovery and patching of embedded components within legacy systems, not just standalone applications, as these are frequently overlooked but remain highly attractive targets.
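The discovery step recommended above, as an added Python example that is not part of the cited report: it walks a directory tree, flags Composer-installed PHPUnit directories, and opens archives recursively so a log4j-core copy nested inside a WAR is found even when the JAR has been renamed. The marker paths, the nesting limits and the `build_sample` fixture are assumptions of this example.

```python
import io
import os
import zipfile

# Assumed markers: log4j-core ships JndiLookup.class and a Maven pom.properties;
# Composer installs PHPUnit under vendor/phpunit/phpunit.
LOG4J_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
PHPUNIT_DIR = os.path.join("vendor", "phpunit", "phpunit")
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH, MAX_NESTED = 4, 256 * 1024 * 1024  # bound recursion depth and memory use

def scan_archive(data, label, depth=0):
    """Return (location, component, version) rows for log4j-core, including nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    found = []
    with zf:
        names = set(zf.namelist())
        if LOG4J_CLASS in names:  # match on content, not on the file name
            props = zf.read(LOG4J_POM).decode("utf-8", "replace") if LOG4J_POM in names else ""
            version = next((l[8:].strip() for l in props.splitlines() if l.startswith("version=")), "unknown")
            found.append((label, "log4j-core", version))
        for info in zf.infolist() if depth < MAX_DEPTH else []:
            if info.filename.lower().endswith(ARCHIVES) and info.file_size <= MAX_NESTED:
                found += scan_archive(zf.read(info), f"{label}!/{info.filename}", depth + 1)
    return found

def scan_tree(root):
    """Walk root; report PHPUnit vendor directories and log4j-core inside any archive."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        if dirpath.endswith(PHPUNIT_DIR):
            found.append((dirpath, "phpunit", "unknown"))
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVES)):
            with open(path, "rb") as fh:
                found += scan_archive(fh.read(), path)
    return found

def build_sample(root):
    """Constructed fixture: a WAR embedding a renamed log4j-core JAR, plus a PHPUnit dir."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr(LOG4J_CLASS, b"")
        z.writestr(LOG4J_POM, "version=0.0.0-sample\n")
    os.makedirs(os.path.join(root, "app", PHPUNIT_DIR))
    with zipfile.ZipFile(os.path.join(root, "app", "legacy.war"), "w") as z:
        z.writestr("WEB-INF/lib/logging.jar", jar.getvalue())
```

Run `scan_tree` against deployment roots on a schedule and compare the rows with the asset inventory; a row with no owner is the kind of fossilized component the report describes.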