45% of critical CVEs left unpatched in 2023

Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched.
The educational services industry has a significantly higher percentage of servers with unpatched weaponised Common Vulnerabilities and Exposures (CVEs), compared to the general average of 10%. Industries still using end-of-life or EoS operating systems, which are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer, include educational services, retail trade, healthcare, manufacturing and public administration.
Security professionals found themselves grappling with an overwhelming number of vulnerabilities in 2023, making prioritization and remediation an increasingly complex challenge.
This proliferation of vulnerabilities is further exacerbated by the staggering figure of over 3.6 billion CVEs associated with active assets.
Organizations continue to face a formidable challenge in prioritizing and remedying critical vulnerabilities within their cybersecurity landscape.
Despite maintaining similar patch rates across severity levels, the actual number of critical CVEs being patched remains notably low.
News URL
https://www.helpnetsecurity.com/2024/01/25/cybersecurity-attack-attempts-increase/