.svg){kind=icon}
.svg){kind=icon}
.jpg)
The men’s and women’s NCAA college basketball tournaments are coming to an exciting culmination this weekend in the semi-final round, with the Final Four teams in each league squaring off. It’s the conclusion of March Madness, a month-long spectacle millions of fans enjoy. What if we had our own competition, to see which security vulnerabilities are at the top of the heap, meaning the worst of the worst?
Over the years this work has been accomplished by the Open Worldwide Application Security Project (better known as OWASP), the nonprofit that performs an exceptional service to the security community in identifying the most common and impactful vulnerabilities, which the organization ranks in the OWASP Top 10. Similar OWASP lists exist for the top 10 vulnerabilities in APIs and, since 2023, the OWASP Top 10 for LLMs.
So, with a nod to OWASP and the NCAA, we asked members of the Cobalt Core, our team of expert pentesters, to come up with our own “Final Four of Top Vulnerabilities.” Our bracket consisted of the OWASP Top 10 lists, and we asked our pentesters to nominate which vulnerabilities they consider to be the most critical among them.
The pentesters selected one from the OWASP Top 10 Web Application Vulnerabilities, one from the OWASP API Security Top 10, and two from the OWASP Top 10 for LLM Applications, out of respect for the rapid rise of genAI and its security challenges.
Our Final Four Top Vulnerabilities of 2025 are described below.
Top Web Application Security Vulnerability
Although this one is ranked number three on the 2021 OWASP Top 10, for our pentesters it was number one: Injection.
As pentester Deependra Bapna told us, using injection an attacker can perform various actions from the client side to the server side. An attacker can use these vulnerabilities to gain access to sensitive data, like customer data, because it allows read and write access to the database. In some cases, attackers can run operating system commands which could lead to full server compromise.
“There is a lot of versatility in how this vulnerability could be weaponized,” tester “SD” said, noting they have discovered SQL injections many times in pentests.
Top API Security Vulnerability
It’s number seven according to the OWASP API Security Top 10, but the vulnerability from this list most commonly cited by our testers was Server Side Request Forgery (SSRF).
An attacker can use this type of vulnerability to execute server side commands and can escalate to remote code execution, one pentester told us.
Another pentester, who prefers anonymity, offered that they have found SSRF many times in pentests.
SSRF allows attackers to interact directly with the OS services, and “in a cloud environment it could also reveal critical secrets that if not configured securely could lead to complete infrastructure compromise,” pentester SD said.
Top LLM Vulnerabilities
There was pretty broad consensus among our testers, who we asked to pick two of the OWASP Top 10 for LLMs, about which were the most critical: Prompt Injection was cited most frequently. Following close behind, the second worst LLM vulnerability chosen by pentesters was Sensitive Information Disclosure.
Prompt injection could allow attackers to misuse the AI system and severely impact its confidentiality and integrity, pentesters said.
Exploiting prompt injection vulnerabilities, “I was able to trick AI to either generate malicious content or leak internal system prompts,” our pentester Deependra Bapna said.
In one example, Cobalt pentesters tricked the AI chatbot of a Cobalt customer—an education company—into producing content inappropriate for elementary and middle school students. While the AI tutor aimed to provide educationally valuable information, it would readily explain topics such as human reproduction, linking to YouTube videos outside of the application for further details.
Sensitive Information Disclosure, according to OWASP, could include such information as personal identifiable information (PII), as well as financial information, health records, or legal documents. Even security credentials, or the proprietary source code of the model, could be leaked without proper sanitization or access controls.
Knowledge is Power—finding and fixing the worst vulnerabilities
Our unscientific process identified four of the worst vulnerabilities by talking to a handful of testers from our team. But Cobalt has conducted thousands of pentests over the last 10 years. Drawing on the wealth of data about these tests, Cobalt produces an annual report that sheds light on the types of security weaknesses pentesting uncovers.
From the most common types of vulnerabilities discovered, to how many are eventually fixed, and how long it takes to resolve these issues, the State of Pentesting Report delivers information security teams can use to understand how to improve their own pentesting programs.
The 2025 edition of the State of Pentesting Report will be published April 14, 2025, but you can pre-register today to get your copy of the report as soon as it is released.
