Edgescan Vulnerability Statistics Report 2025

Keypoints

• Most cybersecurity vendor reports follow a structure comprising an overview or synopsis, detailed vulnerability statistics, threat landscape analysis, and recommendations for security improvements.
• These reports usually start with a summary of the year’s key findings, including total vulnerabilities discovered, trends in exploit activity, and statistics on breach causes.
• In 2024, over 40,000 CVEs were published, with approximately 768 being exploited in the wild for the first time, representing a 20% increase from the previous year.
• Key statistics reveal that more than 33% of vulnerabilities across full technology stacks are of high or critical severity, emphasizing the ongoing risk of severe exploits.
• Recurring themes include the challenge of patch management, the prevalence of legacy vulnerabilities (some dating back to 2015), and the critical role of attack surface visibility in threat mitigation.
• Notable trends highlight the significant proportion of vulnerabilities with exploitable code available, particularly in web applications and APIs, with SQL injection and file upload flaws leading the high-severity issues.
• Major insights demonstrate that vulnerability prioritization leveraging scoring systems like EVSS, CVSS, and CISA KEV remains vital but complex, as scores can contradict each other, complicating remediation efforts.
• Analysis of attack surface data underscores the importance of continuous asset monitoring and quick remediation, as delays in patching or visibility gaps heighten breach risk.