Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Showing 41-60 of 342 results
Nearly 40% of the top-targeted vulnerabilities impacted end-of-life (EOL) devices.
Exploited high and critical severity vulnerabilities increased 105% from 71 in 2024 to 146 in 2025.
Threat actors deployed more than 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities in 2025.
Routers account for one-third of the most critical vulnerabilities in organizational networks.
The median time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped from 8.5 days to 5.0 days.
The mean time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped from 61.0 days to 28.5 days.
For network intrusions, unpatched vulnerabilities were the root cause 21% of the time.
29.15% of organizations are vulnerable to the React2Shell RCE vulnerability.
More than 81% of organizations deploy vulnerable dependencies.
Routers and switches average nearly 32 vulnerabilities per device.
46.20% of organizations remain exposed to Log4Shell years after disclosure.
In 2025, one in three vulnerabilities (33%) had publicly available exploit code.
26 of 30 pull requests (87%) introduce at least one vulnerability.
Zero-day vulnerabilities are being mass exploited in as little as 24 hours after discovery.
Vulnerability disclosures increased by 12% between January 2025 and December 2025.
143 security issues are identified across 38 security scans.
11.3% of software flaws pose real-world danger.
47.2% of SMBs say lack of skills is the key hurdle to resolving security vulnerabilities and incidents.
47.2% of SMBs say alert fatigue is the key hurdle to resolving security vulnerabilities and incidents.
Among respondents who identified at least one affected technology, vulnerabilities tied to reported open source incidents were distributed across infrastructure and middleware (51.9%), software development frameworks and libraries (50.0%), and databases and data technologies (48.1%).