Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 61-80 of 342 results
Third-party libraries and open-source dependencies account for 66% of the most dangerous, longest-lived vulnerabilities.
Mean vulnerabilities per codebase increased by 107% year-over-year.
87% of organizations have at least one known exploitable vulnerability in deployed services
82% of organizations now harbor security debt, an 11% increase from the prior year.
Among the open-source users whose organizations reported a cybersecurity incident, 61.4% indicated that the incident occurred when a patch was available but had not been applied – a slight increase from 60.4% last year.
92.6% of open-source users reported that their organization was aware it was vulnerable before the cybersecurity incident occurred.
42% of vulnerabilities were exploited before public disclosure.
44.4% of SMBs say poor coordination is the key hurdle to resolving security vulnerabilities and incidents.
Registered software vulnerabilities rose 20% in 2025.
Critical security debt, defined as risky vulnerabilities older than a year, increased 20% year-over-year.
41.7% of SMBs say containment is the key hurdle to resolving security vulnerabilities and incidents.
Services using end-of-life language versions face exploitable vulnerabilities in 50% of cases
40% of exploited vulnerabilities by China-nexus actors targeted internet-facing edge devices.
Services using supported language versions face exploitable vulnerabilities in 31% of cases
67% of exploited vulnerabilities used by China-nexus actors delivered immediate system access.
97% of API vulnerabilities can be exploited with a single request.
58% of large AppSec teams (50 members or more) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as a major pain point.
In 2025, 17% of 67,058 published vulnerabilities (11,053 vulnerabilities) were API-related.
99% of API vulnerabilities are remotely exploitable.
11% of detected vulnerabilities have a known exploit.