Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 1-20 of 342 results
79% are concerned about missing vulnerabilities introduced between scheduled tests
60% of healthcare leaders have self-attested to HIPAA compliance despite known, unpatched vulnerabilities.
Annual vulnerability disclosures are on pace to approach 70,000 for the first time in history.
Mozilla CNA Q1 CVE disclosures spiked 164% due to AI-assisted tooling against the Firefox engine.
There were 6,420 excess CVEs recorded through April 2026, representing a 46.3% cumulative drift above the February forecast.
VulnCheck CNA-of-Last-Resort activity increased 3,119%.
GitHub Security Advisory (GHSA) volume increased 449% year-over-year.
Actual CVE disclosures are running 46.3% above projections published four months earlier.
The 2026 projected total of CVE disclosures is approximately 66,000, up from a February median projection of 59,427.
From 2024 to 2025, the number of critical vulnerabilities carried across vendors serving the financial sector increased 387%.
Among the 140 vendors whose client base is meaningfully concentrated in finance, critical vulnerabilities increased 181%.
Over 48,000 CVEs were published globally in 2025, an 18% year-on-year increase.
Three of four Chinese LLMs generate hidden security vulnerabilities when prompted with a U.S. government persona.
73% of Nordic CISOs either explicitly state that no vulnerabilities have been exploited or are unable to point out concrete cases.
9% of Nordic CISOs cited vulnerabilities as their primary concern.
Only approximately 1.4% of publicly disclosed vulnerabilities are known to be exploited in real-world attacks.
Over 80% of known-exploited vulnerabilities have no Metasploit module.
Of the 48,000+ CVEs published in 2025, only 58 represented a genuine, discoverable, and exploitable threat to enterprise supply chains.
Over 48,000 new CVEs were disclosed in 2025, a 20% year-over-year increase.
56% worry they remain exposed to known vulnerabilities, even as 86% say remediation is a critical part of their security strategy.