Weekly Enterprise Exploitation Trend Report
18-06-2025 to 24-06-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
231
231
Actively Exploited Vulnerabilities
107
107
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Cisco IOS XE
Cisco IOS XE
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Palo Alto Networks
5
Oracle
6
VMware
7
Cisco
8
Microsoft
9
Citrix
10
Spring
Top 10 CVEs of 2025 with the Highest EPSS Scores - 24-06-2025
1
CVE-2023-42793
- JetBrains TeamCity
- Remote Code Execution
- EPSS: 0.94584
- Percentile: 1
2
CVE-2024-27198
- JetBrains TeamCity
- Authentication Bypass
- EPSS: 0.94577
- Percentile: 1
3
CVE-2023-23752
- Joomla
- Improper Access Control
- EPSS: 0.94532
- Percentile: 1
4
CVE-2024-27199
- JetBrains TeamCity
- Path Traversal
- EPSS: 0.94489
- Percentile: 0.99999
5
CVE-2023-35078
- Ivanti EPMM
- Authentication Bypass
- EPSS: 0.94485
- Percentile: 0.99997
6
CVE-2023-34362
- Progress MOVEit
- SQL Injection
- EPSS: 0.94485
- Percentile: 0.99998
7
CVE-2023-35082
- Ivanti EPMM
- Authentication Bypass
- EPSS: 0.94468
- Percentile: 0.99995
8
CVE-2024-6670
- WhatUp Gold
- SQL Injection
- EPSS: 0.94467
- Percentile: 0.99995
9
CVE-2024-23897
- Jenkins
- Path Traversal
- EPSS: 0.94466
- Percentile: 0.99994
10
CVE-2023-46747
- Big-IP
- Remote Code Execution
- EPSS: 0.94441
- Percentile: 0.99987
Top Exploited CVEs Against Enterprise Applications
CVE-2023-20198
Critical
Critical
Critical
Critical
- Code/command Injection and Execution
- Cisco IOS XE
- -United States
CVE-2022-41082
High
High
High
High
- Code/command Injection and Execution
- Exchange
- Used by Ransomware-United States
CVE-2017-9841
Critical
Critical
Critical
Critical
- Code/command Injection and Execution
- PHPUnit
- -China
CVE-2021-42013
Critical
Critical
Critical
Critical
- Path Traversal
- Apache HTTP Server
- Used by Ransomware-China
CVE-2019-1653
High
High
High
High
- Sensitive Information Disclosure
- Cisco RV320/RV325
- -Netherlands
CVE-2023-22527
Critical
Critical
Critical
Critical
- Code/command Injection and Execution
- Confluence
- Used by Ransomware-Bangladesh
CVE-2022-40684
High
High
High
High
- Authentication Bypass
- FortiOS, FortiProxy, and FortiSwitchManager
- Used by Ransomware-Republic of Korea
CVE-2022-26134
Critical
Critical
Critical
Critical
- Code/command Injection and Execution
- Confluence
- Used by Ransomware-Germany
CVE-2020-8193
Medium
Medium
Medium
Medium
- Authorization Bypass
- Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
- -Germany
CVE-2023-0669
High
High
High
High
- Insecure Deserialization
- GoAnywhere MFT
- Used by Ransomware-Germany
Top 10 Targeted Countries
Top 10 Targeted Countries
China
:
33482
India
:
31948
United States
:
25286
Singapore
:
10093
Russia
:
4298
Brazil
:
3840
UK
:
3250
South Korea
:
3017
Germany
:
2926
Vietnam
:
2597
Actively Exploited Enterprise Vendors
Apache | Ivanti | Atlassian | D-Link | Palo Alto Networks | Oracle | VMware | Cisco | Microsoft | Draytek | Netgear | Citrix | Spring | F5 | Progress | Adobe | SAP | Zoho | Zyxel | Wordpress | Realtek | Fortinet | SolarWinds | Synacor | Geoserver | JetBrains | QNAP | Drupal | Elastic | Sonatype | Tenda | SonicWall | Aviatrix | Juniper | Jenkins | TopThink | Dasan | PHPUnit - Sebastian Bergmann | Fortra | Zyxel/Billion | Check Point | Open Source Matters, Inc/Joomla community | ownCloud | Laravel | PHP Foundation | ASUS | SaltStack | Langflow | ConnectWise | NextGen Healthcare | nostromo | PrimeFaces | Hitachi Vantara | Pulse Secure | vBulletin | Webmin | mongo-express | CrushFTP | LG | Rejetto | TP-Link | Barco/AWIND | Micro Focus | Metabase | Linear | MobileIron | Sunhillo | Dahua | Hikvision | WSO2 | CONTEC | GLPI (teclib) | dotCMS | Sitecore | Cacti | Sophos | PaperCut | IBM | Mitel | SysAid | Qlik | ForgeRock | Lime Technology | Commvault | Yealink | MinIO | Terramaster | NAKIVO | Node.js | Grafana | Wazuh | GeoVision | RedHat | D-Link/TRENDnet | Ruckus | Telerik | Ignite Realtime | Grandstream | Arcadyan | Cleo | CyberPanel | PTZOptics | Kentico | netis | SugarCRM | Array Networks | ServiceNow
Most Active Ransomware Groups
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.
CVE-2023-0386
CVE-2023-33538
CVE-2025-43200
CVE-2025-33053
CVE-2025-24016
CVE-2024-42009
CVE-2025-32433
CVE-2025-5419
CVE-2025-21479
CVE-2025-21480