We've curated 21 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Showing 1-20 of 251 results
As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.
71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.
Only 20% of dependency versions recommended by AI coding assistants were found to be safe to use in 2025.
The proportion of safe dependency recommendations increased from 20% to 57% when AI agents were equipped with security tools in 2025.
There are over 1,400 unique vulnerabilities affecting IP cameras in the dataset.
40% of IP cameras in the dataset have at least one vulnerability.
82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.
In Q3 2025, 16% of vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog were API-related.
In Q3 2025, Security Misconfiguration accounted for 38% of all API flaws, rising by 33% from Q2 2025.
In Q3 2025, there were 1,602 disclosed API-related vulnerabilities, representing a 20% increase from Q2 2025.
In Q3 2025, authorization issues made up 28% of all API vulnerabilities.
In Q3 2025, Model Context Protocol vulnerabilities surged by 270% compared to Q2 2025.
In Q3 2025, AI-API vulnerabilities increased by 57%, driven by a 270% rise in Model Context Protocol vulnerabilities.
In Q3 2025, vulnerabilities related to Agentic AI rose by 67%, indicating early signs of risk in autonomous orchestration.
The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
77% of financial services organizations reported accruing some level of security debt.
Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.
75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher.