Weekly Enterprise Exploitation Trend Report

19-03-2025 to 25-03-2025

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

214

Actively Exploited Vulnerabilities

Vendors Actively Exploited

Apache

Most Exploited Vendor

Cisco IOS XE

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Oracle

Palo Alto Networks

VMware

Cisco

Microsoft

Adobe

Citrix

Top 10 CVEs of 2025 with the Highest EPSS Scores - 25-03-2025

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94582
Percentile: 1

CVE-2023-42793

JetBrains TeamCity
Remote Code Execution
EPSS: 0.94575
Percentile: 1

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94487
Percentile: 0.99999

CVE-2024-27199

JetBrains TeamCity
Path Traversal
EPSS: 0.94475
Percentile: 0.99997

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94447
Percentile: 0.9999

CVE-2023-46805

Ivanti ICS
Authentication Bypass
EPSS: 0.94398
Percentile: 0.99973

CVE-2023-32315

Ignite Realtime Openfire
Path Traversal
EPSS: 0.94398
Percentile: 0.99972

CVE-2023-38035

Ivanti Sentry
Authentication Bypass
EPSS:0.94397
Percentile:0.99971

CVE-2024-21887

Jenkins
Arbitrary File Read
EPSS: 0.94392
Percentile:0.99969

CVE-2023-20887

Vmware Aria
OS Command Injection
EPSS: 0.94389
Percentile: 0.99967

Top Exploited CVEs Against Enterprise Applications

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
China

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
Germany

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2022-41082

High

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2022-26134

Critical

Atlassian

Code/command Injection and Execution
Confluence
Used by Ransomware
-
United States

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2018-13379

Critical

Fortinet

Path Traversal
FortiOS
Used by Ransomware
-
United States

CVE-2022-40684

Critical

Fortinet

Authentication Bypass
FortiOS, FortiProxy, and FortiSwitchManager
Used by Ransomware
-
United States

CVE-2024-24919

High

Check Point

Sensitive Information Disclosure
Check Point Security Gateway
Used by Ransomware
-
France

Top 10 Targeted Countries

China

45837

United States

42733

India

26088

Germany

14497

Singapore

9698

Taiwan

7708

Brazil

5532

Russia

4379

South Korea

4227

3840

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

Arkana security

Business

Industry

Turkey

Country

Nightspire

Education

Industry

United States

Country

Rhysida

Transportation

Industry

Brazil

Country

Hellcat

Business

Industry

Italy

Country

Ransomhub

Healthcare

Industry

United States

Country

Medusa

Business

Industry

Slovak Republic

Country

Babuk-bjorka

Business

Industry

United States

Country

Inc ransom

Business

Industry

Italy

Country

Vanhelsing

Business

Industry

United States

Country

Frag

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2025-30154

CVE-2017-12637

CVE-2024-48248

CVE-2025-30066

CVE-2025-24472

CVE-2025-21590

CVE-2025-24201

CVE-2025-24993

CVE-2025-24991

CVE-2025-24985

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Products

Use Cases

Company

Resources

Subscribe