Reports
Weekly Enterprise  Exploitation Trend Report
Manage view

Weekly Enterprise Exploitation Trend Report

08-01-2025 to 15-01-2025
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
Download PDF
Subscribe
204
204
Actively Exploited Vulnerabilities
94
94
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Cisco IOS XE
Cisco IOS XE
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Atlassian
3
Ivanti
4
Oracle
5
Palo Alto Networks
6
VMware
7
Cisco
8
Adobe
9
Microsoft
10
Progress
Top 10 CVEs of 2024 with the Highest EPSS Scores - 15-01-2025
1
CVE-2024-9474
  • Palo Alto Network Web Interface
  • Privilege Escalation
  • EPSS: 0.9749
  • Percentile: 0.99977 0.99988
2
CVE-2023-42793
  • JerBrains TeamCity
  • Remote Code Execution
  • EPSS: 0.97485
  • Percentile: 0.99986
3
CVE-2023-43208
  • NextGen Healthcare Connect
  • Remote Code Execution
  • EPSS:0.97479
  • Percentile 0.99977
4
CVE-2023-27372
  • SPIP
  • Remote Code Execution
  • EPSS: 0.97339
  • Percentile: 0.99953
5
CVE-2024-23897
  • Jenkins
  • Arbitrary File Read
  • EPSS: 0.9733
  • Percentile: 0.99952
6
CVE-2023-46747
  • F5 Big IP
  • Remote Code Execution
  • EPSS: 0.97321
  • Percentile: 0.99947
7
CVE-2023-33246
  • Apache RocketMQ
  • Remote Code Execution
  • EPSS: 0.9732
  • Percentile: 0.99946
8
CVE-2023-27524
  • Apache Superset
  • Insecure Default Initialization
  • EPSS: 0.97259
  • Percentile: 0.99924
9
CVE-2023-24489
  • Citrix Sharefile
  • Improper Access Control
  • EPSS: 0.97245
  • Percentile: 0.99923
10
CVE-2023-22527
  • Confluence
  • Remote Code Execution
  • EPSS: 0.97229
  • Percentile: 0.99918
Top Exploited CVEs Against Enterprise Applications
CVE-2023-20198
Critical
Critical
Cisco
  • Code/command Injection and Execution
  • Cisco IOS XE
  • -
    US
CVE-2017-9841
Critical
Critical
PHPUnit - Sebastian Bergmann
  • Code/command Injection and Execution
  • PHPUnit
  • -
    Indonesia
CVE-2021-42013
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
CVE-2022-41082
High
High
Microsoft
  • Exchange
  • Code/command Injection and Execution
  • Used by Ransomware
    -
    China
CVE-2024-32113
Critical
Critical
Apache
  • Path Traversal
  • OFBiz
  • -
    Indonesia
CVE-2023-42793
Critical
Critical
JetBrains
  • Code/command Injection and Execution
  • TeamCity
  • Used by Ransomware
    -
    China
CVE-2024-4577
Critical
Critical
PHP Foundation
  • Code/command Injection and Execution
  • PHP (PHP-CGI)
  • Used by Ransomware
    -
    Germany
CVE-2019-9670
Critical
Critical
Synacor
  • XML External Entity Injection
  • Zimbra Collaboration Suite
  • -
    Indonesia
CVE-2019-1653
High
High
Cisco
  • Sensitive Information Disclosure
  • Cisco RV320/RV325
  • -
    Netherlands
CVE-2022-26134
Critical
Critical
Atlassian
  • Code/command Injection and Execution
  • Confluence
  • Used by Ransomware
    -
    Germany
Top 10 Targeted Countries
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Name
Number
Top 10 Targeted Countries
China
47121
United States
33998
India
26428
Taiwan
10661
Brazil
6597
Singapore
5901
South Korea
5885
Germany
4890
Russia
4359
United Kingdom
4078
Actively Exploited Enterprise Vendors
Apache | Atlassian | Ivanti | Oracle | D-Link | Palo Alto Networks | VMware | Cisco | Adobe | Microsoft | Progress | Spring | Citrix | F5 | Zyxel | Draytek | Netgear | Zoho | Wordpress | Realtek | JetBrains | Synacor | QNAP | Fortinet | Sonatype | Geoserver | SolarWinds | SAP | Tenda | Jenkins | Juniper | Dasan | PHPUnit - Sebastian Bergmann | PHP Foundation | Zyxel/Billion | SaltStack | Check Point | Drupal | vBulletin | Webmin | Pulse Secure | mongo-express | Fortra | Open Source Matters, Inc/Joomla community | nostromo | Elastic | LG | ownCloud | PrimeFaces | SonicWall | Linear | Barco/AWIND | MobileIron | Laravel | Rejetto | NextGen Healthcare | TP-Link | Hikvision | GLPI (teclib) | Terramaster | Dahua | Aviatrix | Metabase | ConnectWise | SysAid | Sophos | MinIO | IBM | PaperCut | CyberPanel | CONTEC | Cacti | Mitel | Sunhillo | Micro Focus | dotCMS | Node.js | Qlik | WSO2 | Sitecore | Yealink | Lime Technology | Grafana | CrushFTP | ForgeRock | Telerik | Array Networks | ServiceNow | RedHat | Kentico | Grandstream | Ruckus | SugarCRM | D-Link/TRENDnet
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Business
Industry
Spain
Country
Funksec
2
2
Government
Industry
United States
Country
Akira
3
3
Government
Industry
United States
Country
Qilin
4
4
Business
Industry
Australia
Country
KillSec
5
5
Business
Industry
United Kingdom
Country
Black Basta
6
6
Education
Industry
United States
Country
RansomHub
7
7
Business
Industry
United States
Country
Play
8
8
Business
Industry
Croatia
Country
8Base
9
9
Business
Industry
Romania
Country
Lynx
10
10
Healthcare
Industry
Chile
Country
INC
Ransomware Posting Frequency by Group - Last 7 Days
Funksec
25
Ransomhub
19
Akira
16
Lynx
15
Lockbit3
9
Inc ransom
8
Everest
8
Blackbasta
8
Hunters
7
Leakeddata
2
0
5
10
15
20
25
30
35
40
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2025-21335
CVE-2025-21334
CVE-2025-21333
CVE-2024-55591
CVE-2023-48365
CVE-2024-12686
CVE-2025-0282
CVE-2020-2883
CVE-2024-55550
CVE-2024-41713
info@nstcyber.ai
San Jose CA, USA
Bangalore, India
Dubai, UAE

Platform

Continuous Monitoring
AI/ML Assisted Discovery & Validation
Automated Assessments
Prioritized Risk Identification
Swift Threat Detection and Response
Cyber Threat Informed Defense (CTID)
Compliance Assurance

Products

Continuous Threat Exposure Management
Vendor Security Management

Use Cases

Assess Your Security Posture
Eliminate Attack Vectors
Evaluate Vendors and Partners
Meet Compliance

Company

About NST Cyber
NST Cyber Partner Program
Careers

Resources

Blogs
Videos
White Papers & Advisories
© 2024 NST Cyber Inc. All Rights Reserved.
Privacy Policy