As someone who’s been immersed in cybersecurity for years, I couldn’t help but take a hard look at the findings in Verizon’s 2025 Data Breach Investigations Report. While the report covers a multitude of issues, one of the more startling findings is the growth in exploited software vulnerabilities. These vulnerabilities are no longer a minor afterthought; they’re swiftly becoming a primary entry point for cyberattacks.
A rise in exploited vulnerabilities
According to the report, exploitation of vulnerabilities has now become an initial access vector in about 20% of all breaches—a figure that nearly rivals long-used credential abuse. What’s even more alarming is that this is a 34% increase over last year. These numbers aren’t just statistics; they’re a wake-up call. Attackers aren’t waiting for a perfect moment—they’re actively hunting for any software or system weakness, whether that weakness is in the code itself or in the way edge devices and VPNs are managed.
The edge devices and VPN vulnerability surge
The report also notes that attackers are increasingly leveraging vulnerabilities in edge devices and VPNs. The percentage of exploitation actions targeting these areas has increased from 3% last year to a staggering 22% this year—a nearly eightfold increase. This isn’t just about a single, poorly patched router or misconfigured firewall; it signals a broader industry challenge with managing and patching software on devices that form the front door to our networks.
Yet the report paints a mixed picture. While a lot of effort goes into patching these vulnerabilities, only about 54% of them were reported as fully remediated over the year. And even then, it took organizations a median of 32 days to get patches in place. These delays are too long in today’s threat landscape. Attackers don’t wait—they exploit these windows of opportunity immediately.
The role of zero-day exploits
Another factor fueling this surge is the use of zero-day exploits—vulnerabilities that are unknown to the vendor until an attack occurs. It’s both frightening and fascinating to see how these zero-days are being weaponized, particularly against edge and VPN software. In many ways, the exploits described in the report underscore just how critical it is for organizations to ramp up proactive vulnerability management practices.
What can we do about this rise in exploited vulnerabilities?
When software vulnerabilities continue to grow as an attack vector, patch management and vulnerability scanning can no longer be side projects you get to when time allows. Proactive vulnerability management needs to be an integral part of an organization’s cybersecurity strategy. If a company is still patching systems on a wait-and-see basis, it’s essentially giving attackers a green light to probe, test and eventually breach the system.
These new findings from Verizon reinforce the need to invest robustly in automated patch management tools, frequent vulnerability assessments and even adopting zero-trust architectures. The faster we can identify—and remediate—these vulnerabilities, the more we can disrupt the attack chain that many cybercriminals rely on.
The Verizon 2025 DBIR reminds us that software vulnerabilities are not static; they’re evolving alongside our technology and threat landscape. One unpatched vulnerability can have a cascade effect on an entire organization. All stakeholders—from IT teams to executive leadership—should take these figures seriously.
Let’s commit to reducing that 32-day median patching time, implementing tighter controls on edge and VPN devices, and staying one step ahead of threat actors who are relentlessly exploiting every gap in our digital armor.
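Tracking the two figures the report quotes (remediated share and median days to fix) against your own estate is the first step in reducing them. The following is an added illustration, not code from the report or from Flexera; the findings, asset classes and SLA thresholds (7 days for edge/VPN, 30 otherwise) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

@dataclass
class Finding:
    """One tracked vulnerability on one asset class."""
    finding_id: str             # constructed placeholder, not a real CVE id
    asset_class: str            # "edge", "vpn", "server" or "workstation"
    disclosed: date             # date the fix became available / finding opened
    remediated: Optional[date]  # None while the finding is still open

def remediation_metrics(findings, as_of, edge_sla_days=7, default_sla_days=30):
    """Return (remediated_fraction, median_days_to_fix, overdue_ids).

    The median covers only closed findings, so on its own it says nothing about
    items still open; the fraction is taken over all findings so open items
    still count against you. Edge and VPN assets get the tighter SLA.
    """
    closed = [f for f in findings if f.remediated is not None]
    fraction = len(closed) / len(findings) if findings else 0.0
    days_to_fix = [(f.remediated - f.disclosed).days for f in closed]
    med = median(days_to_fix) if days_to_fix else None
    overdue = []
    for f in findings:
        sla = edge_sla_days if f.asset_class in ("edge", "vpn") else default_sla_days
        age = ((f.remediated or as_of) - f.disclosed).days  # open items keep aging until as_of
        if age > sla:
            overdue.append(f.finding_id)
    return fraction, med, overdue

# Constructed sample records for illustration only.
SAMPLE_FINDINGS = [
    Finding("FINDING-1", "vpn",         date(2025, 1, 1),  date(2025, 1, 6)),   # 5 days
    Finding("FINDING-2", "edge",        date(2025, 1, 1),  date(2025, 2, 10)),  # 40 days
    Finding("FINDING-3", "server",      date(2025, 1, 10), date(2025, 2, 11)),  # 32 days
    Finding("FINDING-4", "workstation", date(2025, 1, 15), None),               # still open
    Finding("FINDING-5", "edge",        date(2025, 2, 1),  None),               # still open
    Finding("FINDING-6", "server",      date(2025, 2, 1),  date(2025, 2, 20)),  # 19 days
]
AS_OF = date(2025, 3, 1)

if __name__ == "__main__":
    frac, med, overdue = remediation_metrics(SAMPLE_FINDINGS, AS_OF)
    print(f"remediated: {frac:.0%}, median days to fix: {med}, overdue: {overdue}")
```

Note how the open findings never enter the median but do push the remediated share down and show up as overdue, which is the gap a median-only metric hides.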
Learn more about the latest vulnerabilities in the Flexera Monthly Vulnerability Insights Report.