Five Key Flaws Exploited in 2025’s Software Supply Chain Incidents

https://www.infosecurity-magazine.com/news-features/five-flaws-exploited-2025-software/

Publish Date: 2026-01-12 23:30:14

Source Domain: www.infosecurity-magazine.com

In 2025 the number of Common Vulnerabilities and Exposures (CVE) records published reached a new high: nearly 46,000 disclosed vulnerabilities, a significant increase on the previous year. The article puts the surge at an average of 130.4 new CVEs per day, a rate security experts describe as a major concern. Although fewer critical- and high-severity vulnerabilities were reported than in 2024, the sheer volume, combined with several notable exploitation campaigns, still represents a substantial body of significant threats. The article highlights five software supply chain incidents that shaped organisations' security architectures and strategies in 2025: the React2Shell vulnerability, the Shai Hulud 2.0 supply chain attack, Clop's exploitation of Oracle E-Business Suite, the ToolShell attacks on on-premises SharePoint servers, and the return of a high-severity CitrixBleed-style flaw in Citrix NetScaler (CitrixBleed 2).

Key Points:
– 2025 saw 45,777 CVEs published, a 19% increase over 2024.
– Significant incidents include React2Shell, a vulnerability in React Server Components, and Shai Hulud 2.0, a self-propagating worm that compromised numerous npm packages.
– Clop's exploitation of Oracle E-Business Suite led to data theft from several large enterprises.
– ToolShell exploited vulnerabilities in on-premises SharePoint Server, with government and healthcare organisations among the targets.
– CitrixBleed 2, like the earlier CitrixBleed flaw, affected NetScaler devices: it leaks device memory that can contain session tokens, letting attackers hijack authenticated sessions and bypass authentication.