Weekly Enterprise Exploitation Trend Report

19-11-2025 to 25-11-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

248

Actively Exploited Vulnerabilities

106

Vendors Actively Exploited

Apache

Most Exploited Vendor

Cisco IOS XE

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Cisco

Oracle

Microsoft

Citrix

VMware

Palo Alto Networks

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -25-11-2025

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94579
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94517
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94489
Percentile: 0.99999

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile: 0.99999

CVE-2023-44487

HTTP/2
Denial of Service
EPSS: 0.94474
Percentile: 0.99997

CVE-2024-6670

WhatsUp Gold
SQL Injection
EPSS: 0.94468
Percentile: 0.99996

CVE-2024-23897

Jenkins
Arbitrary File Read
EPSS: 0.94455
Percentile: 0.99992

CVE-2023-32315

Openfire
Path Traversal
EPSS: 0.94441
Percentile: 0.99989

CVE-2023-38035

Ivanti MobileIron Sentry
Authentication Bypass
EPSS: 0.94438
Percentile: 0.99986

CVE-2024-7593

Ivanti vTM
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99985

Top Exploited CVEs Against Enterprise Applications

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2021-42013

Critical

Apache

Code/command Injection and Execution
Apache HTTP Server
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2022-40684

Critical

Fortinet

Authentication Bypass
FortiOS, FortiProxy, and FortiSwitchManager
Used by Ransomware
-
France

CVE-2023-22527

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
Germany

CVE-2024-24919

High

Check Point

Sensitive Information Disclosure
Check Point Security Gateway
Used by Ransomware
-
Sweden

CVE-2025-0108

High

Palo Alto Networks

Authentication Bypass
PAN-OS
-
Netherlands

CVE-2018-13379

Critical

Fortinet

Path Traversal
FortiOS
Used by Ransomware
-
Bulgaria

Top 10 Targeted Countries

China

43066

United States

34946

Singapore

21012

Vietnam

13319

India

10087

Brazil

4150

4068

Russia

3827

Pakistan

3342

South Korea

3009

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

interlock

Business

Industry

Germany

Country

safepay

Business

Industry

Canada

Country

qilin

Business

Industry

United States

Country

akira

Business

Industry

United States

Country

sinobi

Education

Industry

Canada

Country

rhysida

Social Media

Industry

China

Country

chaos

Healthcare

Industry

United States

Country

nova

Business

Industry

Mexico

Country

tengu

Business

Industry

Belgium

Country

everest

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-61757

CVE-2025-13223

CVE-2025-58034

CVE-2025-64446

CVE-2025-12480

CVE-2025-62215

CVE-2025-9242

CVE-2025-21042

CVE-2025-48703

CVE-2025-11371

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe