Skip to main content
HomeTopicsVulnerabilities

Vulnerabilities

We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.

Showing 301-320 of 342 results

Nearly a quarter of all vulnerabilities in the IBM X-Force Vulnerability Database have an associated weaponized exploit.

IBM 4/17/2025

60% of the top 10 vulnerabilities had been actively exploited or had a publicly available exploit from less than two weeks after disclosure to a zero day.

IBM 4/17/2025
Zero day

The number of vulnerabilities has increased rapidly over the past eight years and grown threefold.

IBM 4/17/2025

4 out of top 10 vulnerabilities most mentioned on the dark web are linked to sophisticated threat actors.

IBM 4/17/2025
Sophisticated threat actorsDark web

The Veeam vulnerability (CVE-2024-40711) and similar documented vulnerabilities played a role in nearly 15 percent of the cases Sophos MDR tracked involving malicious intrusions in 2024.

Sophos4/16/2025
Malicious intrusion

Obsolete and unpatched hardware and software constitute an ever-growing source of security vulnerabilities.

Sophos4/16/2025
Obsolote hardwareUnpatched hardware

69% of the highest-risk (serious) vulnerabilities are resolved.

Cobalt4/14/2025
Vulnerability managementVulnerability remediation

Median time to resolve issues of all criticalities stretches to 67 days.

Cobalt4/14/2025
Vulnerability managementVulnerability remediation

Less than half (48%) of vulnerabilities are remediated.

Cobalt4/14/2025
Vulnerability managementVulnerability remediation

LLM pentests yield the highest proportion of serious vulnerabilities (32%) than any other asset type tested.

Cobalt4/14/2025
LLMPen testing

Most companies set ambitious service-level agreements (SLA) requiring vulnerabilities to be fixed within 14 days.

Cobalt4/14/2025
SLAs

Since 2017, the median time to resolve serious vulnerabilities has decreased dramatically—from 112 days down to 37 days last year.

Cobalt4/14/2025
Vulnerability remediationVulnerability management

Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.

Cobalt4/14/2025
LLMPen testing

This represents a cut of 75 days, or two-thirds.

Cobalt4/14/2025
Vulnerability remediationVulnerability management

46% of companies commit to fix critical vulnerabilities within just three days.

Cobalt4/14/2025
Vulnerability managementVulnerability remediation

There was a 75% increase in actively exploited flaws compared to the same period in 2024, with 12,333 vulnerabilities reported in Q1 alone .

GuidePoint Security4/10/2025
RansomwareFlaws

40,704 new vulnerabilities were disclosed in 2024.

Cognyte4/10/2025

Since 2023, network infrastructure, especially routers, has continued to outpace endpoints as the riskiest IT devices.

Forescout4/9/2025
Network infrastructureEndpoints

Routers account for over 50% of devices with the most dangerous vulnerabilities.

Forescout4/9/2025
Routers

Over 4,400 of the disclosed CVEs in 2024 were classified as critical (CVSS 9.0+).

Black Kite4/8/2025
CVEsCVSS