Weekly Enterprise Exploitation Trend Report

06-08-2025 to 12-08-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
247
247
Actively Exploited Vulnerabilities
111
111
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Geoserver
Geoserver
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Cisco
5
Oracle
6
Palo Alto Networks
7
Microsoft
8
Citrix
9
VMware
10
Adobe
Top 10 CVEs of 2025 with the Highest EPSS Scores -12-08-2025
1
CVE-2023-42793
  • JetBrains TeamCity
  • Remote Code Execution
  • EPSS: 0.94582
  • Percentile: 1
2
CVE-2024-27198
  • JetBrains TeamCity
  • Authentication Bypass
  • EPSS: 0.94575
  • Percentile: 1
3
CVE-2023-23752
  • Joomla
  • Improper Access Control
  • EPSS: 0.94532
  • Percentile: 1
4
CVE-2023-35078
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.94482
  • Percentile: 0.99999
5
CVE-2024-27199
  • JetBrains TeamCity
  • Path Traversal
  • EPSS: 0.94476
  • Percentile: 0.99999
6
CVE-2024-6670
  • WhatUp Gold
  • SQL Injection
  • EPSS: 0.94467
  • Percentile: 0.99996
7
CVE-2023-44487
  • HTTP/2
  • DoS
  • EPSS:0.94456
  • Percentile: 0.99994
8
CVE-2023-35082
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.9445
  • Percentile: 0.99991
9
CVE-2024-23897
  • Jenkins
  • Path Traversal
  • EPSS: 0.94442
  • Percentile: 0.99988
10
CVE-2023-46747
  • F5 BIG-IP Configuration Utility
  • Authentication Bypass
  • EPSS: 0.94439
  • Percentile: 0.99987
Top Exploited CVEs Against Enterprise Applications
CVE-2024-36401
Critical
Critical
Critical
Critical
Geoserver
  • Code/command Injection and Execution
  • Geoserver
  • -
    United Kingdom
CVE-2023-20198
Critical
Critical
Critical
Critical
Cisco
  • Code/command Injection and Execution
  • Cisco IOS XE
  • -
    United States
CVE-2024-3400
Critical
Critical
Critical
Critical
Palo Alto Networks
  • Code/command Injection and Execution
  • GlobalProtect
  • Used by Ransomware
    -
    United States
CVE-2023-0669
High
High
High
High
Fortra
  • Code/command Injection and Execution
  • GoAnywhere MFT
  • Used by Ransomware
    -
    Germany
CVE-2022-41082
Critical
Critical
Critical
Critical
Microsoft
  • Code/command Injection and Execution
  • Exchange
  • Used by Ransomware
    -
    United States
CVE-2024-8963
Critical
Critical
Critical
Critical
Ivanti
  • Path Traversal
  • Ivanti CSA
  • -
    Netherlands
CVE-2017-9841
Critical
Critical
Critical
Critical
PHPUnit - Sebastian Bergmann
  • Code/command Injection and Execution
  • PHPUnit
  • -
    United States
CVE-2021-44228
Critical
Critical
Critical
Critical
Apache
  • Code/command Injection and Execution
  • Log4j
  • Used by Ransomware
    -
    United States
CVE-2024-38475
Critical
Critical
Critical
Critical
Apache
  • Code/command Injection and Execution
  • Apache HTTP Server
  • -
    United Kingdom
CVE-2021-42013
Critical
Critical
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
Top 10 Targeted Countries
Top 10 Targeted Countries
China
:
41443
United States
:
35435
Egypt
:
15109
India
:
10426
Russia
:
6285
Singapore
:
5759
South Korea
:
5186
UK
:
4170
Turkey
:
4128
Germany
:
4053
Actively Exploited Enterprise Vendors
Apache | Ivanti | Atlassian | D-Link | Cisco | Oracle | Palo Alto Networks | Microsoft | Citrix | VMware | Draytek | Adobe | Progress | Netgear | F5 | Spring | Fortinet | Wordpress | ZyXEL | Zoho | SysAid | SAP | Geoserver | Realtek | Synacor | SolarWinds | Tenda | QNAP | Drupal | SonicWall | Sonatype | Elastic | JetBrains | Aviatrix | Juniper | Jenkins | TopThink | Dasan | Fortra | PHPUnit - Sebastian Bergmann | ownCloud | Check Point | Open Source Matters, Inc/Joomla community | Zyxel/Billion | vBulletin | MobileIron | Lime Technology | Pulse Secure | Micro Focus | Sunhillo | Terramaster | Hikvision | ASUS | Laravel | SaltStack | Webmin | PrimeFaces | nostromo | GLPI (teclib) | Linear | Hitachi Vantara | Barco/AWIND | PaperCut | Sophos | PHP Foundation | IBM | Dahua | dotCMS | LG | Telerik | mongo-express | Rejetto | CONTEC | Sitecore | TP-Link | Langflow | Mitel | WSO2 | ConnectWise | Roundcube | MinIO | NAKIVO | Metabase | NextGen Healthcare | Qlik | Cacti | wftpserver.com | ForgeRock | Gladinet | Commvault | Node.js | Grafana | Yealink | CrushFTP | RedHat | ServiceNow | Wazuh | GNU | GeoVision | Cleo | CyberPanel | Kentico | Ignite Realtime | D-Link/TRENDnet | netis | Grandstream | Arcadyan | SugarCRM | Ruckus | Array Networks | PTZOptics
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Business
Industry
United States
Country
rhysida
2
2
Business
Industry
England
Country
d4rk4rmy
3
3
Business
Industry
United States
Country
play
4
4
Business
Industry
Germany
Country
qilin
5
5
Government
Industry
Minnesota
Country
interlock
6
6
Business
Industry
United States
Country
inc ransom
7
7
Business
Industry
United States
Country
worldleaks
8
8
Business
Industry
France
Country
medusa
9
9
Business
Industry
Germany
Country
cloak
10
10
Business
Industry
Italy
Country
everest
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2020-25078
CVE-2020-25079
CVE-2022-40799
CVE-2023-2533
CVE-2025-20337
CVE-2025-20281
CVE-2025-2775
CVE-2025-2776
CVE-2025-6558
CVE-2025-54309