At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Command Platform, from Exposure Command to Managed Threat Complete.
Keeping sensitive data secure across hybrid and multi-cloud environments isn’t easy—especially without clear visibility. Data gets misplaced, duplicated, or left exposed, making risk assessment and compliance difficult. Sensitive Data Discovery, our latest feature delivering clarity and control to your security data, can help.
Available as part of Exposure Command and InsightCloudSec, Sensitive Data Discovery gives security teams real-time visibility into sensitive data, such as PII, financial data or customer records, across multi-cloud environments, helping identify exposures, prioritize risks, and take action faster.
With automated scanning and classification, you can pinpoint who has access to sensitive data, continuously monitor for exposures, and strengthen compliance while streamlining incident response. Learn more about Sensitive Data Discovery here.
In February 2024, the National Vulnerability Database (NVD) stopped providing CVSS scores for all CVEs, creating a gap in risk assessment as vulnerabilities go unscored. To bridge this gap, we’ve introduced AI-Generated Risk Scoring in Exposure Command, which uses machine learning to supplement missing CVSS scores and ensure an immediate, accurate risk rating for all CVEs without manual analysis.
This AI/ML scoring ensures all vulnerabilities are properly assessed, helping you prioritize remediation efforts efficiently and strengthen your overall security posture with the right context and insights. Discover more about AI-driven CVSS Scoring here.
To effectively prioritize remediation efforts and reduce cyber risk, you need clear contextual information about your assets and vulnerabilities. Without this, you risk misclassifying the severity of vulnerabilities and wasting effort on low-priority issues while high-risk threats remain unaddressed.
Our newly expanded Surface Command and Remediation Hub integration embeds this necessary context about assets and vulnerabilities directly within the asset inventory and detail pages of Surface Command, providing:
Learn more here about how this integration can empower your team to act with confidence, ensuring that remediation efforts are focused on the vulnerabilities that matter most.
Teams need a holistic view of threats, SOC activity, and response performance to have confidence in their program and communicate efficacy to leadership and stakeholders. Available for Managed Detection and Response customers, our new customizable Detection & Response Dashboard provides an executive-ready snapshot of your MDR program, offering real-time, easy-to-communicate insights into:
Learn more about the dashboard in our blog.
Artificial intelligence (AI) has transformed security operations, enabling faster detection and response. However, black-box AI decision-making can lead to uncertainty—why was an alert escalated or dismissed?
With Rapid7’s AI Alert Triage Transparency, MDR customers gain full visibility into the reasoning behind AI-driven security actions, such as what factors influenced alert prioritization. You’ll also benefit from the 99.89% accuracy of Rapid7’s AI triage, which reduces noise and gives you more time to focus on investigating real threats. Learn more about what this means for your organization here.
Rapid7’s Emergent Threat Response (ETR) program from Rapid7 Labs delivers fast, expert analysis and first-rate security content for the highest-priority security threats to help both Rapid7 customers and the greater security community understand their exposure and act quickly to defend their networks against rising threats.
In Q1 2025, Rapid7’s ETR team provided expert analysis, InsightVM content, and mitigation guidance for a variety of notable vulnerabilities, including several that came under active attack. Q1 CVEs of note include:
Follow along here to see the latest emergent threat guidance from our team.
This past quarter Rapid7 researchers also published additional vulnerability assessments in AttackerKB (Rapid7’s community platform for vulnerability research and threat data) to help customers and the community understand and prioritize notable CVEs:
In February 2025, Rapid7 researchers discovered a novel vulnerability in PostgreSQL (now assigned CVE-2025-1094) while researching BeyondTrust CVE-2024-12356, which was exploited as a zero-day flaw in a high-profile attack on the U.S. Treasury Department.
In every scenario Rapid7 researchers tested, a successful exploit for BeyondTrust CVE-2024-12356 had to include exploitation of PostgreSQL CVE-2025-1094 in order to achieve remote code execution. See Rapid7’s full analysis of CVE-2024-12356 here and our disclosure of PostgreSQL CVE-2025-1094 here.
As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.