Vulnerabilities
We've curated 267 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Top 5 industries by cloud‑asset vulnerability: Professional Services: 25.0%, Retail: 23.3%, Government: 18.4%, Education: 17.6%, Media: 13.8%.
In one analysis, retail had 30.9% vulnerable web applications.
In one analysis, finance had 5% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, construction had 18% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, health care & insurance had 16% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, government had 26% of vulnerable assets across cloud, APIs, and web applications.
65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.
90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.
Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.
Exploits were observed being weaponised in minutes.
Over 83 zero-day vulnerabilities were actively exploited in real-world campaigns.
Code vulnerability was the second most costly attack vector, with $235,783,844 stolen across 47 on-chain security incidents in Q2 2025.
75% of organisations have BMS affected by known exploited vulnerabilities (KEVs).
Within organisations affected by KEVs that are also linked to ransomware and are insecurely connected to the internet, 2% of devices contain the same high level of risk, meaning they are essential to business operations and are operating at the highest level of risk exposure.
49% of industrial organizations cite vulnerability prioritization as the most laborious task.
Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.
37% of respondents cited software vulnerabilities and zero-days as a top concerning threat.
For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.
40% of ransomware victims stated that adversaries exploited a security gap they were unaware of, highlighting issues with attack surface visibility.