Weekly Enterprise Exploitation Trend Report

09-04-2025 to 15-04-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
214
214
Actively Exploited Vulnerabilities
97
97
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Cisco IOS XE
Cisco IOS XE
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Palo Alto Networks
5
Oracle
6
VMware
7
Cisco
8
Microsoft
9
Adobe
10
Progress
Top 10 CVEs of 2025 with the Highest EPSS Scores - 15-04-2025
1
CVE-2024-27198
  • JerBrains TeamCity
  • Authentication Bypass
  • EPSS: 0.94582
  • Percentile: 1
2
CVE-2023-42793
  • JerBrains TeamCity
  • Remote Code Execution
  • EPSS: 0.94575
  • Percentile: 1
3
CVE-2024-27199
  • JerBrains TeamCity
  • Path Traversal
  • EPSS: 0.94496
  • Percentile: 1
4
CVE-2023-35078
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.94485
  • Percentile:0.99998
5
CVE-2023-23752
  • Joomla
  • Improper Access Control
  • EPSS:0.94447
  • Percentile: 0.99991
6
CVE-2023-44487
  • HTTP/2 protocol
  • Denial of Service
  • EPSS: 0.94437
  • Percentile:0.99988
7
CVE-2024-21887
  • Jenkins
  • Arbitrary File Read
  • EPSS: 0.94416
  • Percentile:0.99979
8
CVE-2023-46805
  • Ivanti ICS
  • Authentication Bypass
  • EPSS: 0.94398
  • Percentile:0.99974
9
CVE-2023-32315
  • Ignite Realtime Openfire
  • Path Traversal
  • EPSS:0.94398
  • Percentile:0.99973
10
CVE-2023-38035
  • Ivanti Sentry
  • Authentication Bypass
  • EPSS: 0.94397
  • Percentile:0.99972
Top Exploited CVEs Against Enterprise Applications
CVE-2023-20198
Critical
Critical
Critical
Critical
Cisco
  • Code/command Injection and Execution
  • Cisco IOS XE
  • -
    China
CVE-2017-9841
Critical
Critical
Critical
Critical
PHPUnit
  • Code/command Injection and Execution
  • PHPUnit - Sebastian Bergmann
  • Used by Ransomware
    -
    China
CVE-2021-42013
Critical
Critical
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
CVE-2022-41082
High
High
High
High
Microsoft
  • Code/command Injection and Execution
  • Exchange
  • Used by Ransomware
    -
    United States
CVE-2019-1653
High
High
High
High
Cisco
  • Sensitive Information Disclosure
  • Cisco RV320/RV325
  • -
    Netherlands
CVE-2021-44228
Critical
Critical
Critical
Critical
Apache
  • Code/command Injection and Execution
  • Log4j
  • Used by Ransomware
    -
    United States
CVE-2025-0108
High
High
High
High
Palo Alto Networks
  • Authentication Bypass
  • PAN-OS
  • -
    Germany
CVE-2022-26134
Critical
Critical
Critical
Critical
Atlassian
  • Code/command Injection and Execution
  • Confluence
  • Used by Ransomware
    -
    France
CVE-2018-13379
Critical
Critical
Critical
Critical
Fortinet
  • Path Traversal
  • FortiOS
  • Used by Ransomware
    -
    France
CVE-2024-21887
Critical
Critical
Critical
Critical
Ivanti
  • Code/command Injection and Execution
  • Secure Connect and Policy Secure
  • -
    Netherlands
Top 10 Targeted Countries
Top 10 Targeted Countries
Brazil
:
135694
China
:
49270
United States
:
33606
India
:
27586
Argentina
:
16123
Russia
:
10971
Singapore
:
10751
Ecuador
:
9048
Turkey
:
7064
Mexico
:
6431
Actively Exploited Enterprise Vendors
Apache|Ivanti|Atlassian|D-Link|Palo Alto Networks|Oracle|VMware|Cisco|Microsoft|Adobe|Progress|Citrix|Spring|F5|ZyXEL|Zoho|Draytek|Wordpress|Realtek|Netgear |Fortinet|SolarWinds|Synacor|QNAP|Geoserver|JetBrains|Sonatype|SonicWall|Tenda|SAP|Juniper|Aviatrix|Jenkins|ServiceNow|Dasan|Zyxel/Billion|PHPUnit - Sebastian Bergmann|PHP Foundation|Check Point|ownCloud|Open Source Matters, Inc/Joomla community|Fortra|Pulse Secure|Telerik|Laravel|ConnectWise|SaltStack|Webmin|Drupal|Metabase|nostromov|Bulletin|Grafana|Kentico |PrimeFaces|MobileIron|MinIO|SysAid|Barco/AWIND|LGH|Hikvision|Elastic|mongo-express|Hitachi Vantara|ForgeRock|Linear|Dahua|Sunhillo|Mitel|CrushFTP |Node.js|GLPI (teclib)|Micro Focus|Sitecore|TP-Link|NextGen Healthcare|dotCMS|Terramaster|WSO2|Sophos|CONTEC|Cacti|Lime Technology|Qlik|IBM|PaperCut |Rejetto|Yealink|NAKIVO|CyberPanel|netis|Edimax|SimpleHelp|Embedthis|Grandstream|Arcadyan|SugarCRM
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Education
Industry
United States
Country
Inc ransom
2
2
Government
Industry
United States
Country
rhysida
3
3
Business
Industry
United States
Country
play
4
4
Business
Industry
United States
Country
qilin
5
5
Business
Industry
Portugal
Country
ralord
6
6
Government
Industry
United States
Country
wikileaksv2
7
7
Education
Industry
United States
Country
medusa
8
8
Business
Industry
Indonesia
Country
nightspire
9
9
Business
Industry
United States
Country
lockbit3
10
10
Business
Industry
Thailand
Country
devman
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2024-53150
CVE-2024-53197
CVE-2025-29824
CVE-2025-30406
CVE-2025-31161
CVE-2025-22457
CVE-2025-24813
CVE-2024-20439
CVE-2025-2783
CVE-2019-9875