Vulnerabilities
We've curated 267 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Showing 21-40 of 267 results
60% of all cyber training focuses on vulnerabilities that are more than two years old.
In Q3 2025, the number of newly published vulnerabilities reached over 11,700, with nearly 1,800 classified as high-risk.
In Q3 2025, 29 vulnerabilities were confirmed to be actively exploited in the wild, representing a 26% decrease from the previous quarter.
As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.
71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.
There are over 1,400 unique vulnerabilities affecting IP cameras in the dataset.
82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.
40% of IP cameras in the dataset have at least one vulnerability.
In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.
In Q3 2025, authorization issues made up 28% of all API vulnerabilities.
In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.
In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.
In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.
In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.
77% of financial services organizations reported accruing some level of security debt.
The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.
In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.