Weekly Enterprise Exploitation Trend Report

19-03-2025 to 25-03-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
214
214
Actively Exploited Vulnerabilities
99
99
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Cisco IOS XE
Cisco IOS XE
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Oracle
5
Palo Alto Networks
6
VMware
7
Cisco
8
Microsoft
9
Adobe
10
Citrix
Top 10 CVEs of 2025 with the Highest EPSS Scores - 25-03-2025
1
CVE-2024-27198
  • JetBrains TeamCity
  • Authentication Bypass
  • EPSS: 0.94582
  • Percentile: 1
2
CVE-2023-42793
  • JetBrains TeamCity
  • Remote Code Execution
  • EPSS: 0.94575
  • Percentile: 1
3
CVE-2023-35078
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.94487
  • Percentile: 0.99999
4
CVE-2024-27199
  • JetBrains TeamCity
  • Path Traversal
  • EPSS: 0.94475
  • Percentile: 0.99997
5
CVE-2023-23752
  • Joomla
  • Improper Access Control
  • EPSS: 0.94447
  • Percentile: 0.9999
6
CVE-2023-46805
  • Ivanti ICS
  • Authentication Bypass
  • EPSS: 0.94398
  • Percentile: 0.99973
7
CVE-2023-32315
  • Ignite Realtime Openfire
  • Path Traversal
  • EPSS: 0.94398
  • Percentile: 0.99972
8
CVE-2023-38035
  • Ivanti Sentry
  • Authentication Bypass
  • EPSS:0.94397
  • Percentile:0.99971
9
CVE-2024-21887
  • Jenkins
  • Arbitrary File Read
  • EPSS: 0.94392
  • Percentile:0.99969
10
CVE-2023-20887
  • Vmware Aria
  • OS Command Injection
  • EPSS: 0.94389
  • Percentile: 0.99967
Top Exploited CVEs Against Enterprise Applications
CVE-2023-20198
Critical
Critical
Critical
Critical
Cisco
  • Code/command Injection and Execution
  • Cisco IOS XE
  • -
    China
CVE-2017-9841
Critical
Critical
Critical
Critical
PHPUnit - Sebastian Bergmann
  • Code/command Injection and Execution
  • PHPUnit
  • -
    Germany
CVE-2021-42013
Critical
Critical
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
CVE-2022-41082
High
High
High
High
Microsoft
  • Code/command Injection and Execution
  • Exchange
  • Used by Ransomware
    -
    United States
CVE-2019-1653
High
High
High
High
Cisco
  • Sensitive Information Disclosure
  • Cisco RV320/RV325
  • -
    Netherlands
CVE-2022-26134
Critical
Critical
Critical
Critical
Atlassian
  • Code/command Injection and Execution
  • Confluence
  • Used by Ransomware
    -
    United States
CVE-2021-44228
Critical
Critical
Critical
Critical
Apache
  • Code/command Injection and Execution
  • Log4j
  • Used by Ransomware
    -
    United States
CVE-2018-13379
Critical
Critical
Critical
Critical
Fortinet
  • Path Traversal
  • FortiOS
  • Used by Ransomware
    -
    United States
CVE-2022-40684
Critical
Critical
Critical
Critical
Fortinet
  • Authentication Bypass
  • FortiOS, FortiProxy, and FortiSwitchManager
  • Used by Ransomware
    -
    United States
CVE-2024-24919
High
High
High
High
Check Point
  • Sensitive Information Disclosure
  • Check Point Security Gateway
  • Used by Ransomware
    -
    France
Top 10 Targeted Countries
Top 10 Targeted Countries
China
:
45837
United States
:
42733
India
:
26088
Germany
:
14497
Singapore
:
9698
Taiwan
:
7708
Brazil
:
5532
Russia
:
4379
South Korea
:
4227
UK
:
3840
Actively Exploited Enterprise Vendors
Apache | Ivanti | Atlassian | D-Link | Oracle | Palo Alto Networks | VMware | Cisco | Microsoft | Adobe | Citrix | Progress | F5 | Zyxel | Spring | Netgear | Draytek | Zoho | Wordpress | Realtek | Fortinet | Synacor | SonicWall | SolarWinds | QNAP | Geoserver | JetBrains | Sonatype | SAP | Tenda | Aviatrix | Jenkins | Dasan | PHPUnit - Sebastian Bergmann | Check Point | Zyxel/Billion | ownCloud | Open Source Matters, Inc/Joomla community | Fortra | Laravel | SaltStack | Pulse Secure | PHP Foundation | Drupal | Webmin | vBulletin | Terramaster | SysAid | MobileIron | GLPI (teclib) | Dahua | Elastic | Hikvision | Cacti | PrimeFaces | Telerik | Metabase | Barco/AWIND | nostromo | Linear | LG | Lime Technology | Grafana | MinIO | WSO2 | CONTEC | Sophos | Juniper | Micro Focus | mongo-express | Sunhillo | dotCMS | Node.js | Hitachi Vantara | Yealink | NextGen Healthcare | PaperCut | IBM | Qlik | ForgeRock | Rejetto | Mitel | Sitecore | Kentico | TP-Link | NAKIVO | ConnectWise | CrushFTP | CyberPanel | netis | Edimax | Embedthis | Grandstream | Arcadyan | SugarCRM | ServiceNow | SimpleHelp | RedHat | Array Networks
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Business
Industry
United States
Country
Arkana security
2
2
Business
Industry
Turkey
Country
Nightspire
3
3
Education
Industry
United States
Country
Rhysida
4
4
Transportation
Industry
Brazil
Country
Hellcat
5
5
Business
Industry
Italy
Country
Ransomhub
6
6
Healthcare
Industry
United States
Country
Medusa
7
7
Business
Industry
Slovak Republic
Country
Babuk-bjorka
8
8
Business
Industry
United States
Country
Inc ransom
9
9
Business
Industry
Italy
Country
Vanhelsing
10
10
Business
Industry
United States
Country
Frag
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2025-30154
CVE-2017-12637
CVE-2024-48248
CVE-2025-30066
CVE-2025-24472
CVE-2025-21590
CVE-2025-24201
CVE-2025-24993
CVE-2025-24991
CVE-2025-24985