Weekly Enterprise Exploitation Trend Report

23-04-2025 to 29-04-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
216
216
Actively Exploited Vulnerabilities
100
100
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Cisco IOS XE
Cisco IOS XE
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Palo Alto Networks
5
Oracle
6
VMware
7
Cisco
8
Microsoft
9
Citrix
10
Progress
Top 10 CVEs of 2025 with the Highest EPSS Scores - 29-04-2025
1
CVE-2023-42793
  • JetBrains TeamCity
  • Remote Code Execution
  • EPSS:0.94584
  • Percentile: 1
2
CVE-2024-27198
  • JetBrains TeamCity
  • Authentication Bypass
  • EPSS: 0.94579
  • Percentile: 1
3
CVE-2023-23752
  • Joomla
  • Improper Access Control
  • EPSS: 0.9452
  • Percentile: 1
4
CVE-2024-27199
  • JetBrains TeamCity
  • Path Traversal
  • EPSS: 0.94501
  • Percentile:0.99999
5
CVE-2023-44487
  • Ivanti Connect Secure
  • DoS
  • EPSS:0.94486
  • Percentile: 0.99998
6
CVE-2023-35078
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.94485
  • Percentile: 0.99997
7
CVE-2023-34362
  • Progress MOVEit
  • SQL Injection
  • EPSS: 0.94485
  • Percentile:0.99998
8
CVE-2023-35082
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS:0.94468
  • Percentile:0.99993
9
CVE-2024-6670
  • WhatUp Gold
  • SQL Injection
  • EPSS:0.94467
  • Percentile:0.99993
10
CVE-2024-23897
  • Jenkins
  • Path Traversal
  • EPSS:0.94466
  • Percentile:0.99993
Top Exploited CVEs Against Enterprise Applications
CVE-2023-20198
Critical
Critical
Critical
Critical
Cisco
  • Code/command Injection and Execution
  • Cisco IOS XE
  • -
    United States
CVE-2022-41082
High
High
High
High
Exchange
  • Code/command Injection and Execution
  • Microsoft
  • Used by Ransomware
    -
    United States
CVE-2017-9841
Critical
Critical
Critical
Critical
PHPUnit - Sebastian Bergmann
  • Code/command Injection and Execution
  • PHPUnit
  • -
    China
CVE-2021-42013
Critical
Critical
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
CVE-2019-1653
High
High
High
High
Cisco
  • Sensitive Information Disclosure
  • Cisco RV320/RV325
  • -
    Netherlands
CVE-2022-26134
Critical
Critical
Critical
Critical
Atlassian
  • Code/command Injection and Execution
  • Confluence
  • Used by Ransomware
    -
    Germany
CVE-2022-40684
Critical
Critical
Critical
Critical
Fortinet
  • Authentication Bypass
  • FortiOS, FortiProxy, and FortiSwitchManager
  • Used by Ransomware
    -
    Vietnam
CVE-2023-0669
High
High
High
High
Fortra
  • Insecure Deserialization
  • GoAnywhere MFT
  • Used by Ransomware
    -
    Germany
CVE-2025-0108
High
High
High
High
Palo Alto Networks
  • Authentication Bypass
  • PAN-OS
  • -
    United States
CVE-2024-24919
High
High
High
High
Check Point
  • Sensitive Information Disclosure
  • Check Point Security Gateway
  • Used by Ransomware
    -
    France
Top 10 Targeted Countries
Top 10 Targeted Countries
China
:
47305
United States
:
36047
India
:
25101
Singapore
:
11106
Brazil
:
4708
Russia
:
4151
South Korea
:
4007
United Kingdom
:
3926
Turkey
:
3484
Germany
:
2776
Actively Exploited Enterprise Vendors
Apache | Ivanti | Atlassian | D-Link | Palo Alto Networks | Oracle | VMware | Cisco | Microsoft | Citrix | Progress | Spring | F5 | Adobe | Draytek | Zoho | Zyxel | Wordpress | Realtek | Netgear | Fortinet | SolarWinds | SonicWall | JetBrains | Synacor | Geoserver | QNAP | Tenda | Sonatype | Elastic | SAP | Aviatrix | Juniper | Jenkins | TopThink | Dasan | PHPUnit - Sebastian Bergmann | Zyxel/Billion | Fortra | Check Point | PHP Foundation | ownCloud | Open Source Matters, Inc/Joomla community | Pulse Secure | Laravel | SaltStack | LG | Linear | ForgeRock | Telerik | Sitecore | PaperCut | PrimeFaces | NextGen Healthcare | Drupal | Barco/AWIND | GLPI (teclib) | Node.js | Webmin | vBulletin | mongo-express | CONTEC | IBM | TP-Link | ConnectWise | Metabase | nostromo | Hikvision | Hitachi Vantara | Micro Focus | Mitel | Grafana | Sunhillo | Terramaster | dotCMS | WSO2 | Lime Technology | MobileIron | Dahua | Rejetto | NAKIVO | MinIO | SysAid | Kentico | Sophos | Cacti | Qlik | Yealink | CrushFTP | Arcadyan | SugarCRM | Ruckus | Array Networks | ServiceNow | SimpleHelp | CyberPanel | Embedthis | netis | Grandstream | Edimax
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Business
Industry
United States
Country
secp0
2
2
Business
Industry
Portugal
Country
nova
3
3
Government
Industry
United States
Country
medusa
4
4
Business
Industry
United States
Country
rhysida
5
5
Business
Industry
Malaysia
Country
qilin
6
6
Business
Industry
Argentina
Country
gunra
7
7
Finance
Industry
United States
Country
hunters
8
8
Business
Industry
United States
Country
play
9
9
Business
Industry
United States
Country
ralord
10
10
Business
Industry
Costa Rica
Country
nightspire
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2025-1976
CVE-2025-42599
CVE-2025-3928
CVE-2025-24054
CVE-2025-31201
CVE-2025-31200
CVE-2021-20035
CVE-2024-53150
CVE-2024-53197
CVE-2025-29824