Vulnerabilities
We've curated 267 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 21-40 of 267 results
In Q3 2025, 29 vulnerabilities were confirmed to be actively exploited in the wild, representing a 26% decrease from the previous quarter.
In Q3 2025, the number of newly published vulnerabilities reached over 11,700, with nearly 1,800 classified as high-risk.
60% of all cyber training focuses on vulnerabilities that are more than two years old.
As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.
71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.
82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.
There are over 1,400 unique vulnerabilities affecting IP cameras in the dataset.
40% of IP cameras in the dataset have at least one vulnerability.
In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.
In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.
Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.
77% of financial services organizations reported accruing some level of security debt.
In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.
In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.
In Q3 2025, authorization issues made up 28% of all API vulnerabilities.
In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.