Weekly Enterprise Exploitation Trend Report

06-08-2025 to 12-08-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

247

Actively Exploited Vulnerabilities

111

Vendors Actively Exploited

Apache

Most Exploited Vendor

Geoserver

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Cisco

Oracle

Palo Alto Networks

Microsoft

Citrix

VMware

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -12-08-2025

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS: 0.94582
Percentile: 1

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94575
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94532
Percentile: 1

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile: 0.99999

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94476
Percentile: 0.99999

CVE-2024-6670

WhatUp Gold
SQL Injection
EPSS: 0.94467
Percentile: 0.99996

CVE-2023-44487

HTTP/2
DoS
EPSS:0.94456
Percentile: 0.99994

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS: 0.9445
Percentile: 0.99991

CVE-2024-23897

Jenkins
Path Traversal
EPSS: 0.94442
Percentile: 0.99988

CVE-2023-46747

F5 BIG-IP Configuration Utility
Authentication Bypass
EPSS: 0.94439
Percentile: 0.99987

Top Exploited CVEs Against Enterprise Applications

CVE-2024-36401

Critical

Geoserver

Code/command Injection and Execution
Geoserver
-
United Kingdom

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2024-3400

Critical

Palo Alto Networks

Code/command Injection and Execution
GlobalProtect
Used by Ransomware
-
United States

CVE-2023-0669

High

Fortra

Code/command Injection and Execution
GoAnywhere MFT
Used by Ransomware
-
Germany

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2024-8963

Critical

Ivanti

Path Traversal
Ivanti CSA
-
Netherlands

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2024-38475

Critical

Apache

Code/command Injection and Execution
Apache HTTP Server
-
United Kingdom

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

Top 10 Targeted Countries

China

41443

United States

35435

Egypt

15109

India

10426

Russia

6285

Singapore

5759

South Korea

5186

4170

Turkey

4128

Germany

4053

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

rhysida

Business

Industry

England

Country

d4rk4rmy

Business

Industry

United States

Country

play

Business

Industry

Germany

Country

qilin

Government

Industry

Minnesota

Country

interlock

Business

Industry

United States

Country

inc ransom

Business

Industry

United States

Country

worldleaks

Business

Industry

France

Country

medusa

Business

Industry

Germany

Country

cloak

Business

Industry

Italy

Country

everest

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2020-25078

CVE-2020-25079

CVE-2022-40799

CVE-2023-2533

CVE-2025-20337

CVE-2025-20281

CVE-2025-2775

CVE-2025-2776

CVE-2025-6558

CVE-2025-54309

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe