Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 221-240 of 342 results
In one analysis, transport had 12% of vulnerable assets across cloud, APIs, and web applications.
Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.
Exploits were observed being weaponised in minutes.
90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.
65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.
Over 83 zero-day vulnerabilities were actively exploited in real-world campaigns.
Code vulnerability was the second most costly attack vector, with $235,783,844 stolen across 47 on-chain security incidents in Q2 2025.
75% of organisations have BMS affected by known exploited vulnerabilities (KEVs).
49% of industrial organizations cite vulnerability prioritization as the most laborious task.
Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.
Within organisations affected by KEVS that are also linked to ransomware and are insecurely connected to the internet, 2% of devices contain the same high level of risk, meaning they are essential to business operations and are operating at the highest level of risk exposure
37% of respondents cited software vulnerabilities and zero-days as a top concerning threat.
For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.
40% of ransomware victims stated that adversaries exploited a security gap they were unaware of, highlighting issues with attack surface visibility.
37% of respondents cited software vulnerabilities and zero-days as a top concerning threat.
36% of organizations have at least one cloud asset supporting more than 100 attack paths.
62% of organizations have at least one vulnerable AI package.
Each neglected cloud asset contains on average 115 vulnerabilities.
Organisations detect an average of 17 vulnerabilities in their cloud environments per week.
67% of organisations conduct cloud vulnerability assessments monthly or more frequently.