Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 81-100 of 342 results
The most widely detected vulnerability is CVE-2013-2566, which dates to 2013.
In 2025, 14% of published AI vulnerabilities were MCP-related (315 MCP-related vulnerabilities).
MCP vulnerabilities grew 270% from Q2 to Q3 in 2025.
98% of API vulnerabilities are easy or trivial to exploit.
59% of API vulnerabilities require no authentication.
26% percent of advisories in 2025 contained no patch or mitigation from vendors.
63% of mid-sized AppSec teams (11–50 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.
38% of small AppSec teams (1–10 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.
25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.
In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.
Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).
N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.
242 vulnerabilities are added to the CISA Known Exploited Vulnerabilities catalog, a 30% year-over-year increase, and 285 vulnerabilities are added to the Vedere Labs KEV, a 213% year-over-year increase.
71% of exploited vulnerabilities are not in the CISA KEV catalog.
AI-generated code results in 15–18% more security vulnerabilities per line of code compared to human-written code.
In Q3 2025, the number of newly published vulnerabilities reached over 11,700, with nearly 1,800 classified as high-risk.
In Q3 2025, 29 vulnerabilities were confirmed to be actively exploited in the wild, representing a 26% decrease from the previous quarter.
60% of all cyber training focuses on vulnerabilities that are more than two years old.
71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.
As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.