Weekly Enterprise Exploitation Trend Report

12-02-2025 to 18-02-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
Actively Exploited Vulnerabilities: 208
Vendors Actively Exploited: 95
Most Exploited Vendor: Apache
Most Exploited Product: Cisco IOS XE
Top 10 Actively Exploited Vendors
1. Apache
2. Atlassian
3. Ivanti
4. Oracle
5. Palo Alto Networks
6. VMware
7. Cisco
8. Microsoft
9. Adobe
10. Citrix
Top 10 CVEs of 2024 with the Highest EPSS Scores - 18-02-2025

# | CVE | Product | Vulnerability Type | EPSS | Percentile
1 | CVE-2023-42793 | JetBrains TeamCity | Remote Code Execution | 0.97491 | 0.99987
2 | CVE-2023-43208 | NextGen Healthcare | Remote Code Execution | 0.97486 | 0.99986
3 | CVE-2024-9474 | Palo Alto Networks Web Interface | Privilege Escalation | 0.9748 | 0.99985
4 | CVE-2024-23897 | Jenkins | Arbitrary File Read | 0.97354 | 0.99955
5 | CVE-2024-21887 | Ivanti Connect Secure | Remote Code Execution | 0.97322 | 0.99949
6 | CVE-2023-27372 | SPIP | Remote Code Execution | 0.97294 | 0.99937
7 | CVE-2023-22527 | Confluence | Template Injection | 0.97231 | 0.99922
8 | CVE-2023-27524 | Confluence | Template Injection | 0.97228 | 0.99922
9 | CVE-2023-29298 | Adobe ColdFusion | Improper Access Control | 0.97226 | 0.99921
10 | CVE-2023-24489 | Citrix ShareFile | Improper Access Control | 0.97225 | 0.9992
Top Exploited CVEs Against Enterprise Applications

CVE | Severity | Vendor | Vulnerability Type | Product | Ransomware | Country
CVE-2023-20198 | Critical | Cisco | Code/command Injection and Execution | Cisco IOS XE | - | China
CVE-2022-41082 | High | Microsoft | Code/command Injection and Execution | Exchange | Used by Ransomware | United States
CVE-2017-9841 | Critical | PHPUnit - Sebastian Bergmann | Code/command Injection and Execution | PHPUnit | - | China
CVE-2021-42013 | Critical | Apache | Path Traversal | Apache HTTP Server | Used by Ransomware | China
CVE-2023-22515 | Critical | Atlassian | Broken Access Control | Confluence | Used by Ransomware | Finland
CVE-2019-1653 | High | Cisco | Sensitive Information Disclosure | Cisco RV320/RV325 | - | Netherlands
CVE-2024-4577 | Critical | PHP Foundation | Code/command Injection and Execution | PHP (PHP-CGI) | Used by Ransomware | United Kingdom
CVE-2022-26134 | Critical | Atlassian | Code/command Injection and Execution | Confluence | Used by Ransomware | United Kingdom
CVE-2021-44228 | Critical | Apache | Code/command Injection and Execution | Log4j | Used by Ransomware | United States
CVE-2023-0669 | High | Fortra | Code/command Injection and Execution | GoAnywhere MFT | Used by Ransomware | Germany
Top 10 Targeted Countries
Brazil: 692829
China: 65939
US: 64636
India: 56700
Russia: 42559
Argentina: 40903
Turkey: 38965
Taiwan: 36752
Mexico: 36540
Bangladesh: 36256
Actively Exploited Enterprise Vendors
Apache | Atlassian | Ivanti | D-Link | Oracle | Palo Alto Networks | VMware | Cisco | Microsoft | Adobe | Citrix | F5 | Progress | Draytek | Zyxel | Netgear | Zoho | QNAP | JetBrains | Aviatrix | Tenda | Sonatype | Juniper | SAP | Jenkins | Dasan | Check Point | Pulse Secure | IBM | CONTEC | PaperCut | Telerik | Qlik | TP-Link | SonicWall | vBulletin | MobileIron | Mitel | Dahua | ConnectWise | ForgeRock | Terramaster | LG | Sunhillo | Micro Focus | Barco/AWIND | Sitecore | Rejetto | Lime Technology | Yealink | ServiceNow | SugarCRM | CrushFTP | Kentico | RedHat | Grandstream | Ruckus | Array Networks
Most Active Ransomware Groups

# | Industry | Country | Ransomware
1 | Government | United States | RansomHub
2 | Education | France | Termite
3 | Healthcare | Arizona | Medusa
4 | Business | Canada | Rhysida
5 | Business | United States | Play
6 | Business | United States | Black Suit
7 | Education | United Kingdom | Kairos
8 | Business | United States | Cactus
9 | Business | Brazil | FunkSec
10 | Business | Germany | Lynx
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risk.
CVE-2024-57727
CVE-2025-24200
CVE-2025-21418
CVE-2025-21391
CVE-2025-0994
CVE-2020-15069
CVE-2020-29574
CVE-2024-21413
CVE-2022-23748
CVE-2025-0411