The vendor didn’t provide evidence of active exploitation, yet experts said it’s only a matter of time before that changes.