Weekly Enterprise Exploitation Trend Report

10-09-2025 to 16-09-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

247

Actively Exploited Vulnerabilities

110

Vendors Actively Exploited

Apache

Most Exploited Vendor

Cisco IOS XE

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Cisco

Citrix

Oracle

VMware

Microsoft

Palo Alto Networks

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -02-09-2025

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS: 0.94582
Percentile: 1

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94575
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94532
Percentile: 1

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile:0.99999

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS:0.94476
Percentile: 0.99998

CVE-2024-6670

WhatUp Gold
SQL Injection
EPSS: 0.94467
Percentile: 0.99995

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS: 0.9445
Percentile: 0.99991

CVE-2024-23897

Jenkins
Path Traversal
EPSS: 0.94442
Percentile: 0.99989

CVE-2023-46747

F5 BIG-IP Configuration Utility
Authentication Bypass
EPSS:0.94439
Percentile: 0.99988

CVE-2023-44487

Apache ActiveMQ
Remote Code Execution
EPSS: 0.94437
Percentile: 0.99987

Top Exploited CVEs Against Enterprise Applications

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2023-22515

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
United States

CVE-2023-42793

Critical

JetBrains

Authentication Bypass
TeamCity
Used by Ransomware
-
Poland

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
France

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2022-26134

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
Germany

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2024-24919

High

Check Point

Sensitive Information Disclosure
Check Point Security Gateway
Used by Ransomware
-
United States

Top 10 Targeted Countries

China

32311

United States

29797

Egypt

10651

Singapore

10370

India

8520

Russia

3784

Brazil

3594

South Korea

3499

3404

Germany

2870

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Healthcare

Industry

Saudi Arabi

Country

killsec3

Business

Industry

Germany

Country

sarcoma

Business

Industry

Netherlands

Country

imn crew

Business

Industry

Taiwan

Country

warlock

Business

Industry

United States

Country

termite

Business

Industry

Austria

Country

the gentlemen

Business

Industry

China

Country

devman2

Business

Industry

India

Country

play

Government

Industry

United States

Country

coinbase cartel

Business

Industry

United States

Country

metaencryptor

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-5086

CVE-2025-38352

CVE-2025-48543

CVE-2025-53690

CVE-2023-50224

CVE-2025-9377

CVE-2020-24363

CVE-2025-55177

CVE-2025-57819

CVE-2025-7775

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe