What type of vulnerability is characterized by a previously unknown flaw discovered in software, exposing customer data?

A zero-day vulnerability refers to a flaw in software that is unknown to those who should be interested in its mitigation, such as the software vendor or the general security community. Because the vulnerability is not publicly known, there are no patches or defenses available against it, meaning that any exploit is particularly dangerous. When such a flaw is discovered, it can result in significant risks, including unauthorized access to sensitive customer data.

In contrast, a known vulnerability is a flaw that has already been identified and for which a fix or patch is usually available. Patch vulnerabilities pertain to issues with the effectiveness or application of a patch, but do not embody the risk associated with a newly discovered flaw. Logical vulnerabilities involve flaws in the design or implementation of software systems, but do not specifically denote a previously unknown error. Therefore, the characterization of an unknown flaw exposing customer data aligns directly with the definition of a zero-day vulnerability.
