Look What You Made Us Patch: 2025 Zero-Days in Review

ID: 00e8e4b5-8089-5a38-a3df-748492df221f

STIX ID: report--00e8e4b5-8089-5a38-a3df-748492df221f

Feed Name: Threat Intelligence

Threat Score: 85/100

Date Published: 2026-03-05

Date Updated: 2026-04-27

Author: Google Threat Intelligence Group

GTIG's 2025 zero-day landscape report documents a shift toward greater exploitation by commercial surveillance vendors and their customers while PRC-nexus espionage groups remain prolific; financially motivated actors also increased zero-day use, including campaigns tied to CL0P/FIN11 and UNC2165. The report highlights technical spotlights—browser sandbox escapes that exploit OS/hardware components, a multi-stage SonicWall SMA 1000 exploit chain culminating in a reported 0-day local privilege escalation to root, and Samsung DNG image exploits enabling powerful media-store access—and enumerates numerous CVEs observed in the wild, demonstrating active, high-impact exploitation across platforms.