Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends

Tenable Research analyzed 17 edge-device CVEs featured in the 2025 Verizon DBIR — many of them zero-days or actively exploited — and measured industry-specific remediation times, finding widespread delays in patching across vendors (Cisco, Citrix, Fortinet, Ivanti, Juniper, Palo Alto, SonicWall). The report highlights APT exploitation (ArcaneDoor/UAT4356), ransomware groups (Fog, Akira) leveraging these vulnerabilities for initial access, the inclusion of these CVEs on CISA's KEV list, and recommends rapid remediation to reduce risk.