Threat observatory
A multi-year read of the vulnerabilities in the apps and OSes Scout tracks (iOS, Android, macOS, Windows). We lead with the share of CVEs actually exploited (CISA KEV), a signal robust to NVD coverage effects, then add volume context and attack vectors.
Key metric · KEV share
2.5% of CVEs published in 2025 were added to the CISA KEV catalog (exploited in the wild).
+0.4 pts vs 2024
KEV share is used as the hero metric: unlike raw CVE volume, it does not depend on NVD coverage in any given year. A rise signals more frequent exploitation, not just more publications.
Share of CVEs that became KEV
Percentage of CVEs published in the year that were later added to the catalog of actively exploited vulnerabilities (CISA KEV).
| Year | KEV share |
|---|---|
| 2021 | 4.6% |
| 2022 | 6.6% |
| 2023 | 2.8% |
| 2024 | 2.1% |
| 2025 | 2.5% |
| 2026* | 1.6% |
CVE volume over time
CVEs published per year, split between those linked to a tracked app and those linked to an OS release.
| Year | Tracked apps | OS releases |
|---|---|---|
| 2021 | 117 | 983 |
| 2022 | 164 | 1115 |
| 2023 | 191 | 1191 |
| 2024 | 172 | 1651 |
| 2025 | 192 | 1979 |
| 2026* | 206 | 875 |
Raw volume is a context indicator, not a risk measure: it also reflects changes in NVD coverage and growth of the Scout catalog. Read it alongside KEV share.
Attack vectors
CVEs broken down by CVSS attack vector: remote (network), adjacent network, local access, or physical access.
| Year | Network (remote) | Adjacent network | Local access | Physical access |
|---|---|---|---|---|
| 2021 | 97 | 1 | 19 | 0 |
| 2022 | 138 | 0 | 24 | 2 |
| 2023 | 151 | 3 | 37 | 0 |
| 2024 | 140 | 0 | 30 | 2 |
| 2025 | 149 | 0 | 43 | 0 |
| 2026* | 184 | 1 | 21 | 0 |
91% of 2025 CVEs have no CVSS vector recorded (Tier 1 stubs, incomplete NVD) and are excluded from this chart, which shows the mix of known vectors.
2025 in review (latest complete year)
The current year is excluded from comparisons: its figures are not yet consolidated.
- KEV share: 2.5%
- CVEs published: 2,165
- KEV added: 55
- Apps affected: 6
Breakdown by platform · 2025
A cross-platform CVE is counted for each platform it affects: this is a breakdown, not a partition.
| Platform | CVEs | In KEV |
|---|---|---|
| iOS | 353 | 9 |
| Android | 508 | 11 |
| macOS | 635 | 8 |
| Windows | 970 | 30 |
Methodology
- Sources: NVD (NIST) for CVEs and CVSS scoring, CISA KEV for the "actively exploited" status. Scope: apps tracked by Scout (iOS, Android, macOS, Windows) and documented OS releases.
- KEV share: number of CVEs published in the year and present in the CISA KEV catalog, divided by the total number of CVEs published in the year (Scope: Scout).
- Dates: CVEs are counted by NVD publication year; KEV entries by the year they were added to the CISA catalog. We never count a current "open" status, because a time series relies on immutable event dates.
- Limitation (coverage): CVE volume depends on NVD coverage and the size of the Scout catalog, both of which change over time. Raw volume is context, not a risk measure.
- Current year: marked with an asterisk (*) and excluded from year-over-year comparisons, because its figures are not yet consolidated.
Data recomputed on 2026-06-05 22:41 UTC.