Weekly Enterprise Exploitation Trend Report

23-07-2025 to 29-07-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

244

Actively Exploited Vulnerabilities

110

Vendors Actively Exploited

Apache

Most Exploited Vendor

Atassian Confluence

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Cisco

Oracle

Microsoft

Palo Alto Networks

VMware

Citrix

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -30-07-2025

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS: 0.94584
Percentile: 1

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94577
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94532
Percentile: 1

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94489
Percentile: 0.99999

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94485
Percentile:0.99998

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS: 0.94468
Percentile:0.99995

CVE-2024-6670

WhatUp Gold
SQL Injection
EPSS:0.94467
Percentile: 0.99995

CVE-2024-23897

Jenkins
Path Traversal
EPSS: 0.94466
Percentile: 0.99994

CVE-2023-46747

F5 BIG-IP Configuration Utility
Authentication Bypass
EPSS:0.94439
Percentile: 0.99987

CVE-2023-32315

Openfire
Path Traversal
EPSS: 0.94439
Percentile: 0.99986

Top Exploited CVEs Against Enterprise Applications

CVE-2023-22515

Critical

Atlassian

Broken Access Control
Confluence
Used by Ransomware
-
United States

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2022-41082

High

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2023-42793

Critical

JetBrains

Code/command Injection and Execution
TeamCity
Used by Ransomware
-
United States

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2022-26134

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
United States

CVE-2023-22527

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
Netherlands

CVE-2023-23752

Medium

Open Source Matters, Inc/Joomla community

Improper Access Control
Joomla
-
United States

Top 10 Targeted Countries

China

44428

United States

34559

Singapore

17999

India

10579

Turkey

8086

Russia

6164

Brazil

5807

South Korea

4792

4368

Germany

3457

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

rhysida

Business

Industry

United States

Country

lynx

Business

Industry

United States

Country

brain cipher

Media

Industry

United States

Country

global

Business

Industry

UAE

Country

dragonforce

Business

Industry

United States

Country

kairos

Food

Industry

United States

Country

direwolf

Healthcare

Industry

Germany

Country

worldleaks

Business

Industry

Turkey

Country

qilin

Business

Industry

United States

Country

warlock

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2023-2533

CVE-2025-20337

CVE-2025-20281

CVE-2025-2775

CVE-2025-2776

CVE-2025-6558

CVE-2025-54309

CVE-2025-49704

CVE-2025-49706

CVE-2025-53770

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe