Cyberstats

Security Intelligence

Vendorsmondoo

mondoo

Cybersecurity reports and statistics published by mondoo

1 categories1 reports

Research Reports

Reports and publications from mondoo

State of Vulnerability Remediation

10/21/2025

Recent Statistics & Reports

35% of respondent organizations are not currently using their CI/CD pipelines for remediation but want to in 2025.

10/21/2025
Vulnerability Remediation

22% of respondent organizations are using their CI/CD pipelines to deliver fixes and remediations.

10/21/2025
Vulnerability Remediation

60% of respondents reported that fewer than 5% of vulnerabilities and misconfigurations recurred within a month of remediation in 2025.

10/21/2025
Vulnerability Remediation

35% of respondents cited rollbacks of patches as a cause of vulnerability recurrence.

10/21/2025
Vulnerability Remediation

91% of respondents agreed or strongly agreed that their organization is improving in its ability to remediate vulnerabilities in 2025, according to a survey of respondents.

10/21/2025
Vulnerability Remediation

1% of respondents reported being 'not at all confident' in their organization's ability to remediate known vulnerabilities in a timely manner.

10/21/2025
Vulnerability Remediation

4% of organizations took more than 15 days to remediate critical vulnerabilities in 2025.

10/21/2025
Vulnerability Remediation

Companies that experience tool sprawl report 51% lower remediation confidence compared to those who did not experience tool sprawl in 2025.

10/21/2025
Vulnerability Remediation

Tool sprawl reduces confidence in remediation by 51% in 2025.

10/21/2025
Vulnerability Remediation

28% of organizations report that IT operations is primarily responsible for remediating vulnerabilities and misconfigurations reported by security.

10/21/2025
Vulnerability Remediation

42% of IT and security professionals reported working in both IT operations and security in 2025, according to a survey of 125 respondents

10/21/2025
Vulnerability Remediation

52% report on their remediation efforts ‘quarterly’, ‘rarely’, or ‘never’ in 2025, while only 18% run weekly reports.

10/21/2025
Vulnerability Remediation

26% of respondents stated that the recurrence of vulnerabilities and misconfigurations was between 6% and 10% within a month of remediation in 2025.

10/21/2025
Vulnerability Remediation

44% of security and IT operators indicated that auto-creating tickets with all relevant information would improve remediation in 2025.

10/21/2025
Vulnerability Remediation

18% of organizations surveyed reported tracking and reporting their remediation efforts on a weekly basis while 30% reported doing so monthly.

10/21/2025
Vulnerability Remediation

39% of respondents reported not using a vulnerability remediation tracking tool in 2025, relying instead on manual tracking using spreadsheets.

10/21/2025
Vulnerability Remediation

48% of respondents reported being 'fairly confident' in their organization's ability to remediate known vulnerabilities in a timely manner.

10/21/2025
Vulnerability Remediation

18% of respondents identified lack of scanning in CI/CD as a main reason for the recurrence of vulnerabilities in 2025.

10/21/2025
Vulnerability Remediation

71% of organizations reported that they remediate critical vulnerabilities within 24–72 hours in 2025.

10/21/2025
Vulnerability Remediation

33% of organizations reported remediating critical vulnerabilities within one to three days in 2025, compared to 32% for high-importance vulnerabilities.

10/21/2025
Vulnerability Remediation

Showing first 20 results

Top Categories

Vulnerability Remediation
66