Weekly Enterprise Exploitation Trend Report

23-04-2025 to 29-04-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

216

Actively Exploited Vulnerabilities

100

Vendors Actively Exploited

Apache

Most Exploited Vendor

Cisco IOS XE

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Palo Alto Networks

Oracle

VMware

Cisco

Microsoft

Citrix

Progress

Top 10 CVEs of 2025 with the Highest EPSS Scores - 29-04-2025

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS:0.94584
Percentile: 1

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94579
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.9452
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94501
Percentile:0.99999

CVE-2023-44487

Ivanti Connect Secure
DoS
EPSS:0.94486
Percentile: 0.99998

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94485
Percentile: 0.99997

CVE-2023-34362

Progress MOVEit
SQL Injection
EPSS: 0.94485
Percentile:0.99998

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS:0.94468
Percentile:0.99993

CVE-2024-6670

WhatUp Gold
SQL Injection
EPSS:0.94467
Percentile:0.99993

CVE-2024-23897

Jenkins
Path Traversal
EPSS:0.94466
Percentile:0.99993

Top Exploited CVEs Against Enterprise Applications

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2022-41082

High

Exchange

Code/command Injection and Execution
Microsoft
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
China

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2022-26134

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
Germany

CVE-2022-40684

Critical

Fortinet

Authentication Bypass
FortiOS, FortiProxy, and FortiSwitchManager
Used by Ransomware
-
Vietnam

CVE-2023-0669

High

Fortra

Insecure Deserialization
GoAnywhere MFT
Used by Ransomware
-
Germany

CVE-2025-0108

High

Palo Alto Networks

Authentication Bypass
PAN-OS
-
United States

CVE-2024-24919

High

Check Point

Sensitive Information Disclosure
Check Point Security Gateway
Used by Ransomware
-
France

Top 10 Targeted Countries

China

47305

United States

36047

India

25101

Singapore

11106

Brazil

4708

Russia

4151

South Korea

4007

United Kingdom

3926

Turkey

3484

Germany

2776

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

secp0

Business

Industry

Portugal

Country

nova

Government

Industry

United States

Country

medusa

Business

Industry

United States

Country

rhysida

Business

Industry

Malaysia

Country

qilin

Business

Industry

Argentina

Country

gunra

Finance

Industry

United States

Country

hunters

Business

Industry

United States

Country

play

Business

Industry

United States

Country

ralord

Business

Industry

Costa Rica

Country

nightspire

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-1976

CVE-2025-42599

CVE-2025-3928

CVE-2025-24054

CVE-2025-31201

CVE-2025-31200

CVE-2021-20035

CVE-2024-53150

CVE-2024-53197

CVE-2025-29824

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Subscribe