Weekly Enterprise Exploitation Trend Report

22-10-2025 to 29-10-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

247

Actively Exploited Vulnerabilities

107

Vendors Actively Exploited

Apache

Most Exploited Vendor

Microsoft Exchange

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Cisco

Oracle

Microsoft

VMware

Palo Alto Networks

Citrix

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -29-10-2025

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS:0.94579
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94534
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94489
Percentile: 0.99999

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile: 0.99998

CVE-2024-6670

HTTP/2
Denial of Service
EPSS:0.94468
Percentile: 0.99995

CVE-2024-23897

Jenkins
Path Traversal
EPSS: 0.94466
Percentile: 0.99994

CVE-2023-32315

Ignite Realtime Openfire
SQL Injection
EPSS: 0.94441
Percentile: 0.9999

CVE-2023-38035

Ivanty Sentry
Authentication Bypass
EPSS: 0.94438
Percentile: 0.99987

CVE-2024-7593

Ivanti Virtual Traffic Manager
Authentication Bypass
EPSS:0.94436
Percentile: 0.99987

CVE-2023-46747

F5 BIG-IP Configuration Utility
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99986

Top Exploited CVEs Against Enterprise Applications

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2023-22515

Critical

Atlassian

Broken Access Control
Confluence
Used by Ransomware
-
Germany

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2025-0108

High

Palo Alto Networks

Authentication Bypass
PAN-OS
-
United States

CVE-2024-24919

High

Check Point

Sensitive Information Disclosure
Check Point Security Gateway
Used by Ransomware
-
United States

CVE-2022-24816

Critical

Geoserver

Code/command Injection and Execution
Geoserver (JAI-EXT)
-
United States

Top 10 Targeted Countries

China

42696

United States

33606

Singapore

20892

India

9167

Brazil

7771

Russia

4671

Egypt

4443

4435

Germany

3293

Pakistan

3224

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Government

Industry

United States

Country

akira

Education

Industry

United States

Country

rhysida

Business

Industry

United States

Country

pear

Government

Industry

France

Country

stormous

Business

Industry

Portugal

Country

ciphbit

Business

Industry

United States

Country

genesis

Business

Industry

Germany

Country

chaos

Business

Industry

United States

Country

sinobi

Business

Industry

United States

Country

lynx

Business

Industry

United Arab Emirates

Country

black nevas

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-54236

CVE-2025-59287

CVE-2025-61932

CVE-2022-48503

CVE-2025-2746

CVE-2025-2747

CVE-2025-33073

CVE-2025-61884

CVE-2025-54253

CVE-2025-47827

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe