Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications

Black Kite
April 8, 2025
CVEsVulnerabilitiesThird-party

Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications — This cybersecurity statistic was published by Black Kite in April 2025. It covers topics including CVEs, Vulnerabilities, Third-party. The original data appears in 2025 Supply Chain Vulnerability Report. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 4/8/2025

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications This data was published by Black Kite and covers CVEs, Vulnerabilities, Third-party.

Where does this data come from?

This statistic comes from 2025 Supply Chain Vulnerability Report, published by Black Kite on April 8, 2025. You can view the original report at https://content.blackkite.com/ebook/2025-supply-chain-vulnerability-report/.

What cybersecurity topics does this cover?

This statistic relates to CVEs, Vulnerabilities, Third-party. Browse more statistics on CVEs or from Black Kite.

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).

Flashpoint2/14/2026
RansomwareVulnerabilitiesBlackBasta

71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.

ReliaQuest11/9/2025
VulnerabilitiesCloud SecurityCVEs

CVEs added to CISA KEV jumped 80% in H1 2025.

Forescout8/4/2025
ThreatsCVEsCISA KEV

32.1% of vulnerabilities (Known Exploited Vulnerabilities - KEVs) had exploitation evidence on or before the day of their CVE disclosure, often indicating zero-day exploitation. This marks an 8.5% increase in the percentage of KEVs exploited on or before disclosure compared to 23.6% in 2024.

VulnCheck7/30/2025
VulnerabilitiesCVEsKEVs

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

Black Kite7/10/2025
FinancialThird-party vendorsVulnerabilities

Over 20,000 of the disclosed CVEs in 2024 had a CVSS score of 7.0 or higher.

Black Kite4/8/2025
CVEsCVSSVulnerabilities

Browse by Topic

CVEsVulnerabilitiesThird-partyMore from Black Kite

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights