Skip to main content
HomeTopicsVulnerabilities

Vulnerabilities

We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.

Showing 141-160 of 342 results

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

AXA XL9/9/2025
Cyber insuranceCyber claims

Healthcare’s median time to resolve serious pen test findings was 58 days. This ranks healthcare 10th of 13 industries. Hospitality led with 20 days.

Cobalt9/3/2025
HealthcarePen test

14% of healthcare organizations resolve critical findings in business-critical within eight to 14 days.

Cobalt9/3/2025
HealthcarePen test

43% of healthcare organizations resolve critical findings in business-critical assets in one to three days.

Cobalt9/3/2025
HealthcarePen test

37% of healthcare organizations resolve critical findings in business-critical assets within four to seven days.

Cobalt9/3/2025
HealthcarePen test

Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries.

Cobalt9/3/2025
HealthcarePen test

Healthcare’s half-life for serious pen test findings was 244 days. This ranks healthcare 11th of 13 industries. Transportation had a half-life of 43 days.

Cobalt9/3/2025
HealthcarePen test

Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%.

Cobalt9/3/2025
HealthcarePen test

Nearly 40% of healthcare SLAs require serious findings in business-critical assets to be fixed within three days. Another 40% require resolution within four to 14 days.

Cobalt9/3/2025
HealthcarePen test

APIs in technology & SaaS providers' environments saw a 400% spike in critical vulnerabilities.

BreachLock8/11/2025
APIsCritical vulnerabilities

70% of vulnerabilities detected in healthcare systems were categorised as Medium and High severity issues.

BreachLock8/11/2025
Healthcare

45% of published vulnerabilities in H1 2025 were rated high or critical.

Forescout8/4/2025
Threats

47% of newly exploited vulnerabilities were originally published before 2025.

Forescout8/4/2025
Threats

Published vulnerabilities rose 15% in H1 2025.

Forescout8/4/2025
Threats

The volume of disclosed vulnerabilities is up by a staggering 246% since February 2025.

Flashpoint7/31/2025

Attacker activity precedes the public disclosure of a new vulnerability in edge devices and its Common Vulnerabilities and Exposures (CVE) number in 80% of cases. This pre-disclosure activity can precede the CVE disclosure by up to six weeks.

Greynoise7/31/2025
Edge technologies

Vendors with Highest Number of KEVs in 1H-2025: Microsoft: 32 KEVs, with 26 of these being for Windows; Cisco: 10 KEVs; Apple OS: 6 KEVs; Totolink Networking Devices: 6 KEVs; and VMware: 6 KEVs.

VulnCheck7/30/2025
KEVs

Reports of KEVs associated with China and North Korea decreased in 1H-2025, while reports associated with Russia and Iran increased.

VulnCheck7/30/2025
KEVs

In 2H-2024, 44 KEVs were attributed to the North Korean cyber group Silent Chollima.

VulnCheck7/30/2025
KEVs

In 1H-2025, 29 KEVs were attributed to Iranian threat actors.

VulnCheck7/30/2025
KEVs