Most Critical Vulnerabilities Aren't Worth Your Attention
HelpNet Security, Monday, April 28th, 2025
Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the Datadog State of DevSecOps 2025 report.
By analyzing a dataset of applications to identify known third-party vulnerabilities, it was found that 15% of services are vulnerable to known-exploited vulnerabilities, affecting 30% of organizations.
They are particularly prevalent among Java services, with 44% of applications containing a known-exploited vulnerability. The average number of applications with a known-exploited vulnerability among the other services in the report (Go, Python, .NET, PHP, Ruby and JavaScript) was only 2%.