2025 Supply Chain Vulnerability Report
Navigating a New Era of Managing Vulnerability Risk in Third Parties
By the Black Kite Research & Intelligence Team (BRITE)
INTRODUCTION
In today's hyperconnected world, vulnerabilities are no longer just an internal IT concern—they are a supply chain risk.
Organizations increasingly rely on third-party vendors, open-source components, and cloud services, creating a web of interdependencies where a single unpatched vulnerability can trigger widespread disruptions. In 2024, third-party risk became even more apparent, with high-impact vulnerabilities in widely used software and services exposing organizations to ransomware attacks, data breaches, and operational failures.

At Black Kite, we analyzed thousands of vulnerabilities throughout the year, providing intelligence that helps organizations pinpoint:

Which vendors in their supply chain are affected

Which IT assets and products are at risk

How threat actors are likely to exploit them
This intelligence enables our customers to integrate high-priority vulnerabilities into their rapid response strategies, acting before an exploit turns into a crisis.
While several annual vulnerability reports exist, this report takes a fundamentally different approach.
Instead of just looking at individual vulnerabilities in isolation and solely focusing on Common Vulnerability Scoring System (CVSS) ratings, we examine how vulnerabilities propagate through vendor ecosystems, which industries face the highest exposure, and how attackers exploit weak links in the supply chain.
By looking at the "web of interdependencies" and how a weakness in one supplier can affect many others, this report prioritizes third-party risk management (TPRM) and supply chain security.

TABLE OF CONTENTS

01 | EXECUTIVE SUMMARY
Key findings on vulnerability trends and supply chain risks, and insight into our research methodology.

02 | CHALLENGES
Dig into the challenges standing in the way of successful third-party vulnerability management.

03 | TRENDS & STATISTICS
Understand vulnerability exploitation trends and threat actor tactics.

04 | PRIORITIZE
Narrow down vulnerabilities from hundreds to a manageable number.

05 | TAKE ACTION
Use risk hunting and continuous monitoring to surface vulnerabilities that truly demand action.

06 | ENGAGE VENDORS
Reach out to vendors with specific intelligence on the vulnerabilities you need to take action on.

07 | NEXT STEPS
Key lessons learned and next steps to move your TPRM program forward.