Skip to main content
HomeTopicsVulnerabilities

Vulnerabilities

We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.

Showing 161-180 of 342 results

26.9% of KEVs first seen in 1H-2025 were still awaiting analysis by NIST.

VulnCheck7/30/2025
KEVs

In 2H-2024, 66 KEVs were attributed to the Chinese threat actor Flax Typhoon (AKA Ethereal Panda).

VulnCheck7/30/2025
KEVs

4.4% of KEVs are in a deferred status by NIST, meaning they are no longer maintained or updated

VulnCheck7/30/2025
KEVs

32.1% of vulnerabilities (Known Exploited Vulnerabilities - KEVs) had exploitation evidence on or before the day of their CVE disclosure, often indicating zero-day exploitation. This marks an 8.5% increase in the percentage of KEVs exploited on or before disclosure compared to 23.6% in 2024.

VulnCheck7/30/2025
CVEsKEVs

The top five categories for KEVs in 1H-2025 are: Content Management Systems (CMS): 86 KEVs, with a significant volume attributed to WordPress Plug-ins; Network Edge Devices: 77 KEVs; Server Software: 61 KEVs; Open Source Software: 55 KEVs; and Operating Systems: 38 KEVs.

VulnCheck7/30/2025
KEVs

Attackers exploit new application vulnerabilities in just 5 days.

Contrast Security7/17/2025
ApplicationsSoftware

Applications face an average of 17 new application vulnerabilities per month.

Contrast Security7/17/2025
ApplicationsSoftware

The average application is targeted by attackers once every 3 minutes.

Contrast Security7/17/2025
ApplicationsSoftware

On average, applications contain 30 serious vulnerabilities.

Contrast Security7/17/2025
ApplicationsSoftware

It takes an average of 84 days to patch even the most critical flaws in applications.

Contrast Security7/17/2025
ApplicationsSoftware

Developer teams remediate, on average, 6 application vulnerabilities per month.

Contrast Security7/17/2025
ApplicationsSoftware

The average application is exposed to 81 confirmed, viable attacks each month that evade other defences

Contrast Security7/17/2025
ApplicationsSoftware

In one analysis, the government sector had 18.5% vulnerable APIs.

CyCognito7/15/2025
GovernmentAPIs

In one analysis, professional services had 28% of vulnerable assets across cloud, APIs, and web applications.

CyCognito7/15/2025
Professional servicesCloud

In one analysis, media had 21% of vulnerable assets across cloud, APIs, and web applications.

CyCognito7/15/2025
MediaCloud

In one analysis, energy had 18% of vulnerable assets across cloud, APIs, and web applications.

CyCognito7/15/2025
EnergyCloud

13.6% of all analyzed cloud assets are vulnerable.

CyCognito7/15/2025
CloudCloud assets

Top 5 industries by web‑app vulnerability: Education: 35.3%, Retail: 30.9%, Government: 30.4%, Professional Services: 30.1%, Media: 25.7%.

CyCognito7/15/2025
Web appEducation

In one analysis, transport had 12% of vulnerable assets across cloud, APIs, and web applications.

CyCognito7/15/2025
TransportCloud

In one analysis, the government sector had 30.4% vulnerable web applications.

CyCognito7/15/2025
GovernmentWeb applications