Weekly Enterprise Exploitation Trend Report

17-12-2025 to 23-12-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

251

Actively Exploited Vulnerabilities

108

Vendors Actively Exploited

Apache

Most Exploited Vendor

React Server Components

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Oracle

Cisco

Microsoft

Citrix

Palo Alto Networks

VMware

Fortinet

Top 10 CVEs of 2025 with the Highest EPSS Scores -23-12-2025

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94579
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94502
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94489
Percentile: 0.99999

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile: 0.99998

CVE-2024-6670

WhatsUp Gold
SQL Injection
EPSS: 0.94468
Percentile: 0.99996

CVE-2024-23897

Jenkins
Arbitrary File Read
EPSS: 0.94466
Percentile: 0.99995

CVE-2023-44487

HTTP/2 Protocol
Denial of Service
EPSS: 0.94461
Percentile: 0.99993

CVE-2023-32315

Openfire
Path Traversal
EPSS: 0.94441
Percentile: 0.99989

CVE-2023-38035

Ivanti MobileIron Sentry
Authentication Bypass
EPSS: 0.94438
Percentile: 0.99986

CVE-2024-7593

Ivanti vTM
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99985

Top Exploited CVEs Against Enterprise Applications

CVE-2025-55182

Critical

Meta

Code/command Injection and Execution
React Server Components
Used by Ransomware
-
United States

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2021-42013

Critical

Apache

Code/command Injection and Execution
Apache HTTP Server
Used by Ransomware
-
China

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2025-5777

Critical

Citrix

Out-of-Bounds Read
Citrix NetScaler
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
United States

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2023-35078

Critical

Ivanti

Authentication Bypass
Endpoint Manager Mobile (EPMM), formerly MobileIron Core
Used by Ransomware
-
United States

CVE-2023-38035

Critical

Ivanti

Authentication Bypass
Sentry
Used by Ransomware
-
United States

Top 10 Targeted Countries

China

46075

United States

33142

Singapore

18926

Vietnam

14712

India

14712

Egypt

7198

Brazil

5553

Pakistan

4558

Russia

4373

4142

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Education

Industry

Malaysia

Country

qilin

Healthcare

Industry

United States

Country

anubis

Government

Industry

Thailand

Country

direwolf

Business

Industry

United States

Country

sinobi

Healthcare

Industry

Chile

Country

devman2

Business

Industry

Denmark

Country

akira

Business

Industry

Michigan

Country

securotrop

Business

Industry

United States

Country

interlock

Business

Industry

Spain

Country

ransomhouse

Business

Industry

Iran

Country

benzona

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2023-52163

CVE-2025-14733

CVE-2025-59374

CVE-2025-40602

CVE-2025-20393

CVE-2025-59718

CVE-2025-14611

CVE-2025-43529

CVE-2018-4063

CVE-2025-14174

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe