The Vulnerability Explosion: Why Software Misconfigurations and Legacy Flaws Power Cybercrime
July 4, 2025
5 min read
By Ben Lipczynski
Director, Security Services
The cybersecurity landscape is under constant pressure from a relentless rise in software vulnerabilities and evolving threat actor tactics. Software misconfigurations in web applications and on-premises systems become critical entry points for threat actors to move unhindered through compromised environments. Addressing these vulnerabilities is essential for creating a robust IT infrastructure capable of countering cyber risks effectively, whether preventing an attack or reducing the impact of an attack on operations.
The numbers tell a sobering story. In 1999, 321 common vulnerabilities and exposures (CVEs) were issued. In 2024, the total number of CVE records climbed to 270,768, with over 40,000 incidents receiving a CVE identifier last year, according to Cyber Press. This represents a 38% increase over 2023, when there were 28,818 formally logged vulnerabilities.
But volume isn’t everything. While the sheer number of reported vulnerabilities continues to grow, not all of them carry the same risk. Many remain unprioritized despite being actively exploited. Organizations must look beyond raw numbers and focus on prioritizing these risks based on their own context, not just theoretical severity.
Within the pool of over 280,000 known vulnerabilities, only a dynamic and evolving subset poses present danger to organizations. But at the same time, older vulnerabilities regularly become newly exploitable when threat actors develop new access tools and techniques.
To better manage vulnerabilities, organizations must continuously monitor threat intelligence, such as the information on Origina’s Vulnerability Advisory Portal. The portal identifies security risks associated with supported products and visually prioritizes vulnerabilities with the highest risk. It also alerts customers to critical cybersecurity risks as they develop and assures data accuracy by displaying timely, actionable intelligence through integration with Origina partner, SecAlliance.
Another crucial step is to effectively prioritize vulnerability remediation efforts based on an organization’s particular context. This is about maximizing limited resources. Here are just three examples of many types of data points.
Security vulnerabilities can still be exploited by threat actors no matter what year they were assigned a CVE. For example, the percentage of new weaponized vulnerabilities slightly declined in 2022, but 539 older CVEs were weaponized for the first time. Some of these date as far back as 2004.
Organizations must adapt their security vulnerability management strategies to ensure historical threats are included. Mitigating older flaws can be just as crucial as addressing new ones. It is important to identify risks and vulnerabilities regardless of when they were initially reported, or the age and version of the affected product.
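The contextual prioritization described above (exploitation status and asset exposure outrank raw severity, and CVE age is never a reason to deprioritize) can be sketched as a small scoring routine. This is an added illustration, not code from Origina or its portal; the weights, the `Finding` fields and the sample records are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    """One vulnerability on one asset, enriched with our own context."""
    cve: str                 # constructed placeholder id, not a real CVE
    year: int                # year the CVE was assigned
    cvss: float              # theoretical severity, 0-10
    exploited: bool          # seen exploited in the wild (threat intel feed)
    internet_facing: bool    # exposure, from the asset inventory
    business_critical: bool  # impact, from the asset inventory


def risk_score(f: Finding) -> float:
    """Context-weighted score. Assumed weights: active exploitation adds
    more than any CVSS gap can, exposure and criticality add on top, and
    age contributes nothing, so a 2004 flaw is never discounted."""
    score = f.cvss
    if f.exploited:
        score += 10.0
    if f.internet_facing:
        score += 4.0
    if f.business_critical:
        score += 3.0
    return score


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Highest contextual risk first."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample: an old, medium-CVSS but actively exploited flaw on an
# exposed host versus newer, higher-CVSS flaws with no known exploitation.
SAMPLE = [
    Finding("SAMPLE-2024-A", 2024, 9.8, False, False, True),
    Finding("SAMPLE-2004-B", 2004, 7.5, True, True, False),
    Finding("SAMPLE-2023-C", 2023, 9.8, False, True, True),
    Finding("SAMPLE-2024-D", 2024, 5.3, True, False, False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.cve:14} year={f.year} cvss={f.cvss:<4} score={risk_score(f)}")
```

Sorting by CVSS alone would put the two 9.8 findings first; the contextual score instead ranks the exploited 2004 flaw on an internet-facing host at the top.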
A concerning trend in the threat actor ecosystem is the growth of initial access brokers (IABs), specialists who break into corporate networks and sell that access to other cybercriminals.
“Think of them as high-tech locksmiths for hire,” according to an article on Bleeping Computer. “They crack security systems and sell the ‘keys’ to ransomware groups and cyber criminals who launch their own attacks.”
IAB methods focus on:
In 2022, for example, at least 17 new CVEs were added to the IAB toolkit, further empowering their operations, according to the 2023 Qualys Trurisk Research Report.
Software misconfigurations continue to plague web applications. In an analysis of 370,000 apps, 25 million vulnerabilities were discovered, with 33% attributed to misconfiguration alone, according to Qualys.
Among supported products, Origina has identified that 74% of vulnerabilities have stemmed from open-source components and less than 15% from misconfigurations. Simple oversights—like verbose error messages or unprotected API endpoints—can expose sensitive data and leave applications open to attack.
According to the 2023 Qualys TruRisk report, the most common risks in web apps include:
Despite decades of security awareness, these remain among the most frequent and dangerous issues in modern web apps.
In 2024, on-premises failures related to default configurations of software and applications, improper separation of user and/or administrator privileges, and insufficient internal network monitoring exposed organizations to vulnerabilities and potential attacks, including ransomware and data breaches.
Even simple missteps in areas like passwords or permissions can allow attackers to escalate privileges and establish footholds. A few years ago, Qualys detected over 100,000 potential misconfigurations, and in 2022, the most frequent on-premises failures related to:
A joint study by MITRE and Qualys showed a direct correlation between software misconfigurations and ransomware attack techniques, using the MITRE ATT&CK framework.
Cloud misconfigurations are linked to:
On-premises misconfigurations are linked to:
Misconfigurations are not passive oversights. They are active enablers of modern ransomware campaigns. The recurring problem areas include attack surface reduction (ASR) settings being disabled, weak password and RDP configurations, and UNC path and firewall misconfigurations, all of which facilitate lateral movement.
Fortunately, some insecure defaults are now being overridden by administrators more than half the time, which is a sign of growing awareness and improved security posture.
Despite better tools and growing awareness, misconfigurations, credential abuse, and historical vulnerabilities remain core enablers of ransomware and advanced threats.
The path forward requires a contextual, risk-based, defense-in-depth framework that:
Cybersecurity is not just about checkbox patching — it’s about strategy, prioritization, and closing the doors attackers already know how to find. The old OEM patch/fix alone does not provide enough coverage to keep organizations safe from cyberattacks. To stay secure, organizations need expert independent software maintenance partners who can close security gaps and offer proactive monitoring and tailored solutions that extend the lifecycle of IT assets while also keeping them secure and compliant.
Origina Director of Security Services Ben Lipczynski served for 12 years in the British Royal Navy where he was responsible for the safety and security of numerous operations and systems, including advanced security solutions, mission-critical information systems, and strategic weapons engineering operations. After a stint as the Global IT/Communications Networks Operations Manager for the U.K. Ministry of Defense, Ben held various corporate cybersecurity roles at EY, Accenture, and Deloitte before joining Origina. He holds two patents, one for a multimodal object detection system with a 5G array and another for a dynamic end point configuration-based deployment of network infrastructure. Ben is also the co-author of a government white paper on the Command-and-Control process of future nuclear deterrence.