In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. A week after the patch was released and the PoC was published, perhaps half of vulnerable global servers still weren’t protected. By the end of March, with an estimated 25,000 servers still vulnerable, 10 advanced hacking groups had already exploited Microsoft Exchange servers, four emerging after the. PoC for the Java patch was published.
Source: https://www.helpnetsecurity.com/2021/05/05/publishing-poc-exploits/