
Untitled 2

In 2024, the global cybersecurity landscape saw a 46.7% increase in newly discovered vulnerabilities, with 43,757 total, highlighting a significant rise in threats, particularly in domestic software and supply chains. The report anticipates that advancements in AI, quantum computing, and IoT will further complicate vulnerability management by 2025, necessitating improved defensive strategies. Key recommendations include adopting comprehensive vulnerability management systems, enhancing supply chain security, and implementing zero-trust architectures.

Uploaded by

vanarajmon

Preface

In 2024, the global cybersecurity field continued to face increasingly severe challenges. Against the
backdrop of digital transformation, vulnerability exploitation has become a top priority for
attackers. According to statistics, the number of newly discovered vulnerabilities worldwide has
reached a new high, with the complexity of vulnerabilities increasing and the repair cycle
shortening. However, attackers' methods have become more sophisticated, with vulnerability-based
attack paths becoming more concealed and composite. The threat of vulnerabilities in open-source
projects, cloud computing, the Internet of Things (IoT), domestic software, and critical
infrastructure has significantly increased.

Looking ahead to 2025, the rapid development of artificial intelligence, quantum computing,
cloud-native architectures, and IoT will further expand the attack surface for vulnerabilities. The conflict
between vulnerability discovery, repair, and exploitation will become the focal point of future
offensive and defensive strategies. This report, based on the vulnerability data, typical cases, and
security incidents collected by Qi An Xin CERT in 2024, comprehensively presents the
vulnerability landscape. It also provides a forward-looking outlook on emerging technology trends
related to vulnerabilities in 2025, offering a reference for enterprises, government agencies, and
cybersecurity practitioners.

Summary
Key Findings on the 2024 Vulnerability Landscape:
Continued Growth in Vulnerability Numbers: In 2024, 43,757 new vulnerabilities were discovered,
a year-on-year increase of 46.7%. Among these, 17.8% were high-risk vulnerabilities, indicating a
deepening overall threat level.
Shortening Time Window from Exposure to Exploitation: The average time from exposure to
exploitation has been reduced to 18 days, posing increasing challenges for timely identification and
patching of actual threats.
Vulnerabilities Facilitating APT Attacks: APT groups increasingly prefer to use zero-day
vulnerabilities and composite attack chains, targeting government, energy, financial, and domestic
software industries.
Increased Focus on Domestic Software Vulnerabilities: 706 vulnerabilities in domestic software
were disclosed, mainly concentrated in OA and ERP systems, exposing weaknesses in domestic
software security auditing capabilities.
High Threat from Supply Chain Vulnerabilities: Supply chain vulnerabilities are frequently
exploited, with notable cases like the XZ Utils backdoor incident, which had widespread
propagation and was difficult to repair.
Ransomware Continues to Benefit from Vulnerability Exploitation: Ransomware groups frequently
exploit vulnerabilities, with high-risk industries including healthcare, education, and energy.

Outlook on 2025 Vulnerability Trends:


AI-Driven Vulnerability Discovery and Exploitation: Artificial intelligence will be widely used for
vulnerability discovery, analysis, and attack path optimization, significantly increasing the
complexity of both attacks and defenses.
Quantum Computing Impact on Traditional Cryptographic Algorithms: As quantum computing
capabilities gradually advance, traditional encryption protocols may be affected in the long term.
Outbreak of Cloud-Native and Virtualization Vulnerabilities: Vulnerabilities such as container
escape and Kubernetes misconfigurations in cloud-native architectures will become hotspots.
Surge in IoT Device Vulnerabilities: Firmware and communication protocol vulnerabilities in IoT
devices will be exploited on a large scale by attackers.
Automation and Industrialization of Vulnerability Exploitation: The rise of
"Exploitation-as-a-Service" will drive the scaling of vulnerability attacks.

Table of Contents
Chapter 1: 2024 Vulnerability Landscape Analysis
1. Vulnerability Statistics and Trends
2. Vulnerability Type Distribution and Threat Analysis
3. Vendor and Industry Impact Distribution
4. Key Vulnerability Proportions
5. Vulnerability Tag Proportions
6. Top 10 Most Popular Vulnerabilities
7. Most Dangerous CWE Types in 2024
8. Vulnerability Repair Timeliness

Chapter 2: Major Vulnerability Case Studies


1. Secret Backdoor Discovered in XZ Utils Library Triggers Emergency Security Alert
2. Hackers Exploit Zero-Day Vulnerability to Breach Thousands of Palo Alto Networks Firewalls
3. Zero-Click Windows TCP/IP RCE Affects All IPv6-Enabled Systems, Immediate Patching
Required
4. Google Discloses Chrome Zero-Day Vulnerability Used to Deploy Malware
5. UNC5820 Threat Cluster Exploits Fortinet Zero-Day Vulnerability to Steal Enterprise
Configuration Data
6. Firefox Zero-Day Vulnerability Used by Cybercrime Groups
7. Critical RCE Vulnerability in VMware vCenter Server Now Actively Exploited
8. Microsoft High-Risk Vulnerability "MadLicense" Gains Widespread Attention

Chapter 3: Key Vulnerability Categories Analysis


1. Zero-Day Vulnerabilities
2. In-the-Wild Exploited Vulnerabilities
3. Ransomware-Related Vulnerabilities
4. APT Activity-Related Vulnerabilities
5. Other Key Vulnerability Categories

Chapter 4: Emerging Technology Trends in 2025


1. Artificial Intelligence (AI) and Automated Vulnerability Discovery
2. Cryptographic Vulnerabilities Under Quantum Computing Impact
3. Cloud-Native Architecture and Virtualization Vulnerability Trends
4. IoT Device Vulnerabilities and Attack Surface Expansion
5. Evolution of Automated Vulnerability Exploitation and Attack Tools

Chapter 5: Vulnerability Handling Recommendations


Chapter 6: Conclusion
Chapter 7: Qi An Xin Vulnerability Intelligence Subscription Service

Appendix 1: 2024 Zero-Day Vulnerability List


Appendix 2: 2024 In-the-Wild Exploited Vulnerability List

Chapter 1: 2024 Vulnerability Landscape Analysis


1. Vulnerability Statistics and Trends
From January 1 to December 31, 2024, Qi An Xin CERT monitored a total of 43,757 new
vulnerabilities, a year-on-year increase of 46.7%. Among these, 7,777 were high-risk or critical
vulnerabilities, accounting for 17.8% of the total. The surge in vulnerability numbers is primarily
due to the increasing complexity of the technology ecosystem, the growing use of open-source
components, and the rising professionalism of attackers.

2. Vulnerability Threat Type Distribution
Code execution, information leakage, and privilege escalation are the core types of vulnerabilities
exploited by attackers, especially in complex attack chains. The top three vulnerability types by
quantity are code execution, denial of service, and information leakage.

3. Vendor and Industry Impact Distribution


The top vendors affected by vulnerabilities in 2024 include open-source projects, Microsoft, Linux,
Google, Apple, WordPress, Adobe, Apache, Jenkins, and Cisco. Domestic software vulnerabilities
accounted for 706 cases, with a focus on OA and ERP systems, particularly affecting government,
financial, and energy sectors.

4. Key Vulnerability Proportions


In 2024, Qi An Xin CERT marked 450 key vulnerabilities, accounting for 1.03% of the total new
vulnerabilities. Among these, 1,100 had publicly available exploits or proof-of-concept (PoC) code,
343 were found to be actively exploited in the wild, 113 were zero-day vulnerabilities, and 24 were
related to APT activities.

5. Vulnerability Tag Proportions


Qi An Xin's vulnerability intelligence system uses a comprehensive multi-dimensional vulnerability
information integration and attribute labeling mechanism, including tags such as "key
vulnerability," "in-the-wild exploitation," "PoC publicly available," and "impact level."

6. Top 10 Most Popular Vulnerabilities


The most popular vulnerabilities in 2024 include OpenSSH Remote Code Execution
(CVE-2024-6387), Windows Remote Desktop Authorization Service Remote Code Execution
(CVE-2024-38077), and XZ Utils Backdoor Implantation (CVE-2024-3094).

7. Most Dangerous CWE Types in 2024


The most dangerous CWE types in 2024 include improper data validation (CWE-20), SQL injection
(CWE-89), and use-after-free (CWE-416).

8. Vulnerability Repair Timeliness


The average time to repair vulnerabilities in 2024 was 45 days, a 10% reduction compared to 2023.
However, 30% of zero-day vulnerabilities took more than 30 days to repair, with some being
exploited before disclosure.

Chapter 2: Major Vulnerability Case Studies


1. Secret Backdoor Discovered in XZ Utils Library
In 2024, a secret backdoor was discovered in the XZ Utils library, which could decrypt and execute
commands under certain conditions. Users were advised to downgrade to unaffected versions and
conduct incident response.

2. Hackers Exploit Zero-Day Vulnerability to Breach Palo Alto Networks Firewalls


A zero-day vulnerability in Palo Alto Networks' GlobalProtect feature was exploited by threat actors
to create reverse shells and exfiltrate configuration data.

3. Zero-Click Windows TCP/IP RCE Affects All IPv6-Enabled Systems


A critical TCP/IP remote code execution vulnerability in Windows systems enabled attackers to
execute arbitrary code or cause denial of service via specially crafted IPv6 packets.

4. Google Discloses Chrome Zero-Day Vulnerability Used to Deploy Malware


A zero-day vulnerability in Chrome's V8 JavaScript engine was exploited to deploy malware, with
attackers using it to gain SYSTEM privileges on Windows systems.

5. UNC5820 Threat Cluster Exploits Fortinet Zero-Day Vulnerability


A zero-day vulnerability in FortiManager was exploited by the UNC5820 threat cluster to steal
configuration data and move laterally within enterprise networks.

6. Firefox Zero-Day Vulnerability Used by Cybercrime Groups


A zero-day vulnerability in Firefox was exploited by the RomCom cybercrime group to distribute
malware, targeting users of Firefox and Tor browsers.

7. Critical RCE Vulnerability in VMware vCenter Server


Two critical vulnerabilities in VMware vCenter Server were actively exploited, allowing attackers
to execute arbitrary code and escalate privileges.

8. Microsoft High-Risk Vulnerability "MadLicense"


A high-risk vulnerability in Windows Remote Desktop Licensing Service, dubbed "MadLicense,"
allowed attackers to gain full control of affected systems without user interaction.

Chapter 3: Key Vulnerability Categories Analysis


1. Zero-Day Vulnerabilities
In 2024, 113 zero-day vulnerabilities were recorded, with 77% being actively exploited in the wild.
These vulnerabilities are highly destructive and difficult to defend against.

2. In-the-Wild Exploited Vulnerabilities


In 2024, over 1,200 vulnerabilities were actively exploited, with 343 newly exposed. Remote
vulnerabilities accounted for 92.2%, while local vulnerabilities made up 7.8%.

3. Ransomware-Related Vulnerabilities
Ransomware groups frequently exploit vulnerabilities to gain initial access. Notable vulnerabilities
include those in ConnectWise ScreenConnect and JetBrains TeamCity.

4. APT Activity-Related Vulnerabilities


APT groups often exploit vulnerabilities to steal sensitive data or conduct destructive activities. Key
vulnerabilities include those in Jenkins, Microsoft, and WPS Office.

5. Other Key Vulnerability Categories


Other significant vulnerabilities include GitLab password reset vulnerabilities, Atlassian Confluence
remote code execution vulnerabilities, and SolarWinds Serv-U directory traversal vulnerabilities.

Chapter 4: Emerging Technology Trends in 2025


1. AI and Automated Vulnerability Discovery
AI will play a significant role in automating vulnerability discovery and exploitation, reducing the
time to discover high-risk vulnerabilities by 30%-40%.

2. Quantum Computing Impact on Cryptographic Vulnerabilities


Quantum computing may render traditional cryptographic algorithms obsolete, with
quantum-resistant algorithms becoming essential.

3. Cloud-Native and Virtualization Vulnerabilities


Vulnerabilities in container escape, Kubernetes misconfigurations, and serverless architectures will
become more prevalent.

4. IoT Device Vulnerabilities


Firmware and communication protocol vulnerabilities in IoT devices will be increasingly exploited,
with attackers using them to penetrate enterprise networks.

5. Automation of Vulnerability Exploitation


Vulnerability exploitation tools will become more automated and modular, with the rise of
"Exploitation-as-a-Service" in underground markets.

Chapter 5: Vulnerability Handling Recommendations


Comprehensive Vulnerability Management System: Enterprises should adopt advanced
vulnerability scanning and patch management tools, conducting regular security assessments.
Strengthen Vulnerability Governance: Deploy automated vulnerability scanning and repair tools,
prioritize high-risk vulnerabilities, and isolate critical systems.
Address Emerging Threats: Deploy quantum-resistant algorithms and conduct continuous security
audits of cloud-native and IoT systems.
Enhance Supply Chain Security: Assess the security of open-source components and third-party
vendors to ensure supply chain transparency and security.
Promote Security Awareness: Conduct regular cybersecurity training for employees to improve their
ability to respond to social engineering and security threats.
Implement Zero-Trust Architecture: Deploy zero-trust security architectures to defend against
vulnerability exploitation across identity verification, access control, and data protection.

Chapter 6: Conclusion
The 2024 vulnerability landscape indicates a continued increase in vulnerability numbers and a
comprehensive escalation of threats. Key areas of vulnerability outbreaks and industry-specific
threats have become more pronounced, with exploitation methods becoming more complex and
concealed. Looking ahead to 2025, the rapid development of AI, quantum computing, cloud-native
technologies, and IoT will further expand the vulnerability threat landscape, demanding higher
standards for network defense. Enterprises must adjust their security strategies promptly, building
proactive defense systems through technological upgrades, automated management, and threat
intelligence support to counter increasingly complex vulnerability threats.

Chapter 7: Qi An Xin Vulnerability Intelligence Subscription Service


Qi An Xin's vulnerability intelligence service provides real-time updates on newly discovered
vulnerabilities, known vulnerabilities, and patch recommendations. It offers comprehensive
vulnerability information, efficient vulnerability intelligence operations, timely risk notifications,
in-depth technical analysis, flexible API interfaces, and customized emergency response services.

Appendix 1: 2024 Zero-Day Vulnerability List


A detailed list of zero-day vulnerabilities discovered in 2024, including their disclosure dates, threat
levels, and types.

Appendix 2: 2024 In-the-Wild Exploited Vulnerability List
A detailed list of vulnerabilities actively exploited in the wild in 2024, including their discovery
dates, threat levels, and types.

This translation provides a comprehensive overview of the document's content, summarizing key
points and trends in the 2024 cybersecurity vulnerability landscape and offering insights into
emerging threats for 2025.
