In 2025, 5,708 Linux kernel CVEs were published — the highest annual total ever recorded , representing 36% of all Linux kernel CVEs in history. Of these, 1 was rated Critical, 1,103 High severity , and 1 was confirmed as actively exploited in the wild via the CISA KEV catalog . A further 1,343 CVEs are still awaiting NVD severity scoring. Compared to 2024's 4,382 CVEs, 2025 represented an increase of 30% year-on-year. December was the most active month, with 1,056 CVEs published.
Monthly CVE Breakdown — 2025
CVEs published per month with severity breakdown
December (1,056) was the most active month in 2025. Together the top months account for a significant share of 2025's 5,708 total CVEs. November (104) had the lowest volume.
Severity Distribution — 2025
Breakdown across 5,708 CVEs
57% Medium · 19% High · 0% Critical. 1,343 CVEs (24%) still awaiting NVD scoring.
Monthly Counts — 2025
CVE counts by month and severity
December was the most active month with 1,056 CVEs — 19% of 2025's total. November (104) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 223 | 0 | 50 | 172 | 1 |
4%
|
| February | 911 | 0 | 202 | 708 | 1 |
16%
|
| March | 208 | 0 | 42 | 164 | 2 |
4%
|
| April | 281 | 0 | 66 | 214 | 1 |
5%
|
| May | 550 | 0 | 127 | 423 | 0 |
10%
|
| June | 375 | 0 | 97 | 278 | 0 |
7%
|
| July | 405 | 0 | 121 | 283 | 1 |
7%
|
| August | 204 | 0 | 67 | 133 | 4 |
4%
|
| September | 737 | 0 | 210 | 527 | 0 |
13%
|
| October | 654 | 0 | 117 | 334 | 2 |
11%
|
| November | 104 | 0 | 1 | 1 | 0 |
2%
|
| December | 1,056 | 1 | 3 | 12 | 0 |
19%
|
| Total | 5,708 | 1 | 1,103 | 3,249 | 12 |
Actively exploited CVEs — 2025
1 CVE confirmed in CISA KEV catalog
All CVEs — 2025
5708 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2022-50815 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: ext2: Add sanity checks for group and filesystem si… | |
| CVE-2022-50821 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_prox… | |
| CVE-2022-50811 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing unmap if z_erofs_get_extent_comp… | |
| CVE-2022-50814 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sgl… | |
| CVE-2022-50817 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() … | |
| CVE-2022-50818 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix running_req for internal abort co… | |
| CVE-2023-54162 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible memory leak in smb2_lock() argv… | |
| CVE-2022-50810 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: rapidio: devices: fix missing put_device in mport_c… | |
| CVE-2022-50812 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: security: Restrict CONFIG_ZERO_CALL_USED_REGS to gc… | |
| CVE-2022-50822 | linux | Awaiting NVD | — | 2025-12-30 | In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The … |
2025 Linux Kernel CVE Highlights
-
Record year by a wide margin
2025's 5,708 CVEs make it the most prolific year in Linux kernel security history — 30% above 2024's 4,382 , representing 36% of all Linux kernel CVEs ever recorded across nearly 30 years of data . The jump primarily reflects the Linux kernel project's own CNA systematically backfilling and categorising previously unreported subsystem-level bugs.
-
Volume without critical severity
Despite setting the all-time CVE record, 2025 produced only 1 Critical-rated vulnerability. 57% of 2025 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
-
Large backlog awaiting NVD scoring
1,343 of 2025's CVEs (24%) are still listed as "Awaiting NVD" — meaning no CVSS score has been assigned yet. This is typical for bulk-published CVEs from the Linux kernel CNA: the kernel team publishes CVEs rapidly, and NVD scoring lags by weeks or months.
-
Monthly variation
CVE publication in 2025 was uneven across months. December was the most active with 1,056 CVEs. November (104) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.