Vulnerabilities
We've curated 267 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
In one analysis, professional services had 28% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, construction had 18% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, education had 31% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, energy had 18% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, finance had 5% of vulnerable assets across cloud, APIs, and web applications.
In one analysis, government had 26% of vulnerable assets across cloud, APIs, and web applications.
Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS score at or above 8, and 15 vendors show an extremely high risk with CVSS scores above 9.
65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.
90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.
Over 83 zero-day vulnerabilities were actively exploited in real-world campaigns.
Exploits were observed being weaponised in minutes.
Code vulnerability was the second most costly attack vector, with $235,783,844 stolen across 47 on-chain security incidents in Q2 2025.
Within organisations affected by KEVs that are also linked to ransomware and are insecurely connected to the internet, 2% of devices contain the same high level of risk, meaning they are essential to business operations and are operating at the highest level of risk exposure.
Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.
49% of industrial organizations cite vulnerability prioritization as the most laborious task.
75% of organisations have BMS affected by known exploited vulnerabilities (KEVs).
37% of respondents cited software vulnerabilities and zero-days as a top concerning threat.
40% of ransomware victims stated that adversaries exploited a security gap they were unaware of, highlighting issues with attack surface visibility.
For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.