Weekly Enterprise Exploitation Trend Report

25-06-2025 to 01-07-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

231

Actively Exploited Vulnerabilities

107

Vendors Actively Exploited

Apache

Most Exploited Vendor

Cisco IOS XE

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Palo Alto Networks

Oracle

VMware

Cisco

Microsoft

Progress

Citrix

Top 10 CVEs of 2025 with the Highest EPSS Scores - 01-07-2025

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS: 0.94584
Percentile: 1

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94577
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94532
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94489
Percentile: 0.99999

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94485
Percentile: 0.99997

CVE-2023-34362

Progress MOVEit
SQL Injection
EPSS: 0.94485
Percentile: 0.99998

CVE-2023-44487

HTTP/2 Protocol
Denial of Service
EPSS: 0.94474
Percentile: 0.99997

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS: 0.94468
Percentile: 0.99994

CVE-2024-6670

WhatUp Gold
SQL Injection
EPSS:0.94467
Percentile: 0.99994

CVE-2024-23897

Jenkins
Path Traversal
EPSS: 0.94466
Percentile: 0.99993

Top Exploited CVEs Against Enterprise Applications

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
China

CVE-2022-41082

High

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
China

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2022-26134

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
France

CVE-2025-3248

Critical

Langflow

Code/command Injection and Execution
Langflow
-
Russia

CVE-2024-21887

Critical

Ivanti

Code/command Injection and Execution
Ivanti Secure Connect and Policy Secure
-
United States

CVE-2024-8963

Critical

Ivantic

Path Traversal
Ivanti CSA
-
United States

CVE-2023-22527

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
Netherlands

Top 10 Targeted Countries

China

42219

India

34650

United States

29333

Singapore

19036

South Korea

5456

Russia

4907

Germany

4243

4034

Brazil

3500

Venezuela

2830

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

sarcoma

Business

Industry

Turkey

Country

nightspire

Business

Industry

Jamaica

Country

el dorado

Business

Industry

Spain

Country

nova

Business

Industry

United States

Country

qilin

Healthcare

Industry

United States

Country

kairos

Business

Industry

China

Country

handala

Business

Industry

United States

Country

kawa

Business

Industry

India

Country

global

Business

Industry

Germany

Country

rhysida

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-6543

CVE-2019-6693

CVE-2024-0769

CVE-2024-54085

CVE-2023-0386

CVE-2023-33538

CVE-2025-43200

CVE-2025-33053

CVE-2025-24016

CVE-2024-42009

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Subscribe