April 25, 2025
Top 10 Cloud Misconfigurations in 2025
Cloud misconfigurations remain the leading cause of data breaches. According to industry reports, over 65% of cloud security incidents are caused by customer misconfigurations rather than cloud provider failures.
1. Public S3 Buckets
AWS S3 buckets with overly permissive ACLs or bucket policies are still the #1 finding. Attackers use automated tools to scan for buckets named after company domains. ShadowSurface tests common bucket permutations automatically.
2. Open Database Ports
MongoDB, Elasticsearch, and Redis instances exposed to the internet without authentication are trivial to exploit. Default credentials make it even worse.
3. Missing Security Headers
Each missing header removes a specific browser-side defence: without Content-Security-Policy, injected scripts run unrestricted (XSS); without HSTS, clients can be downgraded to plain HTTP and intercepted (man-in-the-middle); without X-Frame-Options, the page can be framed by another site (clickjacking).
4. Overly Permissive IAM Roles
IAM roles with wildcard permissions (an Allow of "Action": "*" on "Resource": "*", or a service-wide "service:*") or otherwise broad resource access create lateral movement opportunities for attackers who breach a single service.
5. Exposed Kubernetes Dashboards
Kubernetes dashboards and API servers without proper network policies are frequently found on public IPs, allowing cluster takeover.
ShadowSurface’s cloud scanner continuously probes for these and other misconfigurations across AWS, GCP, and Azure.