Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.
Healthcare’s median time to resolve serious pen test findings was 58 days. This ranks healthcare 10th of 13 industries. Hospitality led with 20 days.
14% of healthcare organizations resolve critical findings in business-critical assets within eight to 14 days.
43% of healthcare organizations resolve critical findings in business-critical assets in one to three days.
37% of healthcare organizations resolve critical findings in business-critical assets within four to seven days.
Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries.
Healthcare’s half-life for serious pen test findings was 244 days. This ranks healthcare 11th of 13 industries. Transportation had a half-life of 43 days.
Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%.
Nearly 40% of healthcare SLAs require serious findings in business-critical assets to be fixed within three days. Another 40% require resolution within four to 14 days.
APIs in technology & SaaS providers' environments saw a 400% spike in critical vulnerabilities.
70% of vulnerabilities detected in healthcare systems were categorised as Medium and High severity issues.
45% of published vulnerabilities in H1 2025 were rated high or critical.
47% of newly exploited vulnerabilities were originally published before 2025.
Published vulnerabilities rose 15% in H1 2025.
The volume of disclosed vulnerabilities is up by a staggering 246% since February 2025.
Attacker activity precedes the public disclosure of a new vulnerability in edge devices and its Common Vulnerabilities and Exposures (CVE) number in 80% of cases. This pre-disclosure activity can precede the CVE disclosure by up to six weeks.
Vendors with Highest Number of KEVs in 1H-2025: Microsoft: 32 KEVs, with 26 of these being for Windows; Cisco: 10 KEVs; Apple OS: 6 KEVs; Totolink Networking Devices: 6 KEVs; and VMware: 6 KEVs.
Reports of KEVs associated with China and North Korea decreased in 1H-2025, while reports associated with Russia and Iran increased.
In 2H-2024, 44 KEVs were attributed to the North Korean cyber group Silent Chollima.
In 1H-2025, 29 KEVs were attributed to Iranian threat actors.