Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Nearly a quarter of all vulnerabilities in the IBM X-Force Vulnerability Database have an associated weaponized exploit.
60% of the top 10 vulnerabilities had been actively exploited or had a publicly available exploit within a timeframe ranging from zero day to less than two weeks after disclosure.
The number of vulnerabilities has increased rapidly over the past eight years, growing threefold.
4 out of the top 10 vulnerabilities most mentioned on the dark web are linked to sophisticated threat actors.
The Veeam vulnerability (CVE-2024-40711) and similar documented vulnerabilities played a role in nearly 15 percent of the cases Sophos MDR tracked involving malicious intrusions in 2024.
Obsolete and unpatched hardware and software constitute an ever-growing source of security vulnerabilities.
69% of the highest-risk (serious) vulnerabilities are resolved.
Median time to resolve issues of all criticalities stretches to 67 days.
Less than half (48%) of vulnerabilities are remediated.
LLM pentests yield a higher proportion of serious vulnerabilities (32%) than any other asset type tested.
Most companies set ambitious service-level agreements (SLA) requiring vulnerabilities to be fixed within 14 days.
Since 2017, the median time to resolve serious vulnerabilities has decreased dramatically—from 112 days down to 37 days last year.
Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.
The drop in median time to resolve serious vulnerabilities from 112 days to 37 days represents a cut of 75 days, or two-thirds.
46% of companies commit to fix critical vulnerabilities within just three days.
There was a 75% increase in actively exploited flaws compared to the same period in 2024, with 12,333 vulnerabilities reported in Q1 alone.
40,704 new vulnerabilities were disclosed in 2024.
Since 2023, network infrastructure, especially routers, has continued to outpace endpoints as the riskiest IT devices.
Routers account for over 50% of devices with the most dangerous vulnerabilities.
Over 4,400 of the disclosed CVEs in 2024 were classified as critical (CVSS 9.0+).