Cybercrime / malware / ransomware / hacking

Top 10 vulnerabilities uncovered by penetration tests in 2025

Penetration testing is a security test that simulates a real-world cyber attack on a system to identify vulnerabilities and is a practical way of assessing a system’s hardware and software security. Pen testing lets companies uncover any lax security practices or insecure software within their system before they can be exploited by malicious actors and therefore reducing the real-world risks facing the business.

Here are the top 10 vulnerabilities uncovered by penetration testing in 2025:

1. Weak passwords and authentication

Despite the warnings people continue to choose weak passwords and reuse passwords between multiple websites and services. Weak passwords, such as those that are only a few characters long, dictionary words (many people still choose “password”!), or dates can quickly be cracked. And if a password is used on multiple services then as soon as one is breached then the hackers have access to all of the others.

Choose a long password that is either randomly generated or a full phrase or sentence makes it much more difficult to crack by simply trying all possibilities. If you add two-factor authentication (2FA) into the mix as well, even if somehow a hacker finds out your password they are unlikely to also have access to your authenticator app as well, so they would still not again access to your account.

2. Outdated or unpatched software

Modern software is complex. It is generally thousands of lines of code that have been written by different people at different times and bugs are almost a certainty. Even the best developers make mistakes, and that means that eventually security issues will appear. Good software developers will fix these issues quickly with “patches” as soon as they are reported, but if you do not keep your software up-to-date then you will not be protected.

To keep your systems secure, you should prioritise installing critical updates and regularly install available patches. Vulnerability scanners can help automate updates and keep your systems secure.

3. Misconfigured cloud services

The cloud brings us enormous amounts of storage and processing power that is available on-demand. However, cloud storage, such as S3-compatible buckets, are often misconfigured leaving them unencrypted and with overly permissive access, which means that your data is available to be harvested if someone knows where to look.

To avoid these issues, you should look into setting up up Identity and Access Management (IAM) controls and enabling logging, so that you can control who has access to the files and will notice if anyone outside your team gains access.

4. SQL injection vulnerabilities

SQL injections are a common attack technique where a hacker will insert malicious SQL statements into an entry field which then get executed by the software, such as dumping their contents and exposing private data.

To reduce the risk of SQL injection attacks, you should always validate entry fields, implement application firewalls, and only provide access to entry fields to those that require it.

5. Cross-site scripting (XSS)

XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users and are used to bypass access controls such as the same-origin policy. To mitigate the risks of XSS attacks, you should sanitize inputs and implement secure coding practices and content security polices throughout the business.

6. Mismanaged permissions and privilege escalation

In a privilege escalation attack, a hacker will exploit a vulnerability in the system to gain privileges such as administrative rights so they can perform unauthorised actions such as accessing private data or installing malware.

The principle of least privilege (POLP) states that users should only ever be given permissions that are strictly required for them to do their jobs and this will mitigate some of the risks associated with a privilege escalation attack. However, it is also critical to further limit exposure through regular access and security reviews to make sure the principle is being followed.

7. Insecure APIs

Application Programming Interfaces (APIs) act as bridges between platforms, allowing applications to access data and other features from other services. If an API is poorly designed or secured it can be used as an attack vector for hackers looking to expose data or gain access to other back-end systems.

To mitigate the risks associated with providing API access, you should implement secure authentication mechanisms and rate limit access so that you will discover and block any access that is being abused.

8. Lack of network segmentation

Flat network designs allow attackers to move seamlessly throughout the network, so that as soon as they have broken through the first line of defences they have access to the whole system. Instead, network segmentation allows you multiple lines of defences, which makes it much more difficult for an attacker to access everything on the network without being discovered.

9. Insufficient endpoint protection

Any device with access to the network is known as an “endpoint”, and it is often these laptops and mobile devices that serve to be the most effective entry points to the network for attackers as their security is limited by the user. To mitigate these risks, all endpoints should be centrally managed and updated where possible and businesses should implement endpoint detection and response (EDR) solutions alongside educating users on cybersecurity best practices.

10. Lack of proper encryption

All private data should be encrypted when it is both stored and transmitted to reduce the impact of interception or theft. Encryption protocols like HTTPS, TLS, and AES should be used for all data whether in transit or at rest and nothing should be stored in plaintext without good reason.

Address these vulnerabilities for a safer future

Managing potential vulnerabilities is a reality for most businesses. Addressing these top ten vulnerabilities and regularly assessing your own security and access protocols should be part of any company’s security strategy, but to be sure that your data is secure the best way to check is through regular penetration testing to stay ahead of the constantly evolving threats.

Photograph by Sebastiaan Stam on Unsplash