February 2025
February 2025 closed with 3,940 published CVEs — +32.1% YoY . 253 criticals, 27 added to CISA KEV (2 ransomware-linked). linux led volume, mostly via linux kernel. Biggest breakout: gnu at ×4.4 their 12-month median. Top weakness class — CWE-79 (643 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
February 2025 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 3microsoft74 CVE
What's spreading where in February 2025
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — February 2025
Breakout vendors
CVE count ≥3× their own 12-period median.
- 4.4×gnu20 CVE
- 3.0×linux910 CVE
- 3.0×ооо «открытая мобильная платформа»42 CVE
- 3.0×f5 networks, inc.12 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #19q-free43 CVE
- #24enituretechnology28 CVE
- #35labredescefetrj22 CVE
- #37wegia22 CVE
- #44eniture18 CVE
- #57ооо «нпо мир»14 CVE
- #63mercedes-benz13 CVE
- #68bplugins12 CVE
- #72erich boleyn11 CVE
- #85moodle project9 CVE
Top vendors
Ranked by distinct CVE count this period.
- 910 CVECVSS 5.9×3.0PoC 3linux kernel (910) · linux (909)
- 715 CVE14 critCVSS 6.2KEV 1Nuclei 3PoC 18linux (625) · debian gnu/linux (346) · xwayland (8)
- 323 CVE4 critCVSS 6.2PoC 5ubuntu (323) · ubuntu linux (1)
- 300 CVE2 critCVSS 6.6PoC 6red hat enterprise linux (280) · red hat enterprise linux 9 (25) · red hat enterprise linux 8 (25)
- 254 CVE7 critCVSS 6.4PoC 17astra linux special edition (252) · astra linux common edition (35) · пк св "брест" (2)
- 194 CVE7 critCVSS 6.5PoC 7осон основа оnyx (194)
- 157 CVE5 critCVSS 6.3PoC 12ред ос (157)
- 79 CVE2 critCVSS 5.8PoC 1entirex (13) · applinx (9) · security verify access (8)
- 74 CVE1 critCVSS 7.5KEV 3PoC 1windows server 2025 (server core installation) (37) · windows server 2025 (37) · windows 11 version 24h2 (35)
- 65 CVECVSS 6.210th generation intel core processor family (8) · 12th generation intel core processor family (8) · intel proset/wireless wifi (7)
- 64 CVECVSS 5.7Nuclei 62PoC 64paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content (3) · zarinpal paid download (2) · wp finance (2)
- 60 CVE4 critCVSS 6.7Nuclei 1PoC 3magento/community-edition (24) · magento/project-community-edition (24) · leantime/leantime (10)
- 56 CVE1 critCVSS 6.4PoC 5suse linux enterprise server (53) · suse linux enterprise server for sap applications (50) · suse linux enterprise high performance computing (37)
- 56 CVE5 critCVSS 6.9PoC 5альт сп 10 (35) · альт 8 сп (29)
- 51 CVE1 critCVSS 6.6adobe commerce (31) · adobe commerce b2b (31) · commerce b2b (31)
- 47 CVE2 critCVSS 6.9PoC 4android (26) · google chrome (10) · chrome (9)
- 47 CVE5 critCVSS 6.8Nuclei 3PoC 3mongosh (4) · better-auth (3) · @ckeditor/ckeditor5-real-time-collaboration (1)
- 43 CVE2 critCVSS 6.5PoC 43cinema booking system (8) · hotel booking system (5) · restaurant booking system (5)
- 43 CVE9 critCVSS 7.4NEWmaxtime (43)
- 42 CVECVSS 7.8×3.0ос аврора (40) · аврора центр (2)
- 35 CVE7 critCVSS 7.6KEV 1Nuclei 4PoC 1github.com/mattermost/mattermost/server/v8 (4) · github.com/mayswind/ezbookkeeping (2) · github.com/clidey/whodb/core (2)
- 32 CVECVSS 6.8PoC 3роса хром (16) · rosa virtualization 3.0 (14) · роса кобальт (10)
- 30 CVE2 critCVSS 6.5PoC 28cisco ios xe (8) · ios xe (8) · ios (8)
- 28 CVE1 critCVSS 7.2NEWNuclei 28ltl freight quotes – unishippers edition (3) · ltl freight quotes – worldwide express edition (3) · ltl freight quotes – globaltranz edition (2)
- 28 CVE1 critCVSS 6.4ibm openpages with watson (8) · ibm openpages (8) · cognos controller (7)
- 27 CVE3 critCVSS 6.8KEV 1Nuclei 1PoC 3org.apache.cassandra:cassandra-all (3) · org.keycloak:keycloak-services (2) · io.netty:netty-common (1)
- 26 CVECVSS 5.5samsung mobile devices (17) · blockchain keystore (2) · samsung email (1)
- 25 CVE6 critCVSS 7.3PoC 5mobsf (3) · vyper (3) · label-studio (2)
- 25 CVE3 critCVSS 6.9мсвсфера (25)
- 24 CVE1 critCVSS 8.0fastconnect 7800 firmware (23) · wcd9380 firmware (20) · fastconnect 6900 firmware (19)
- 24 CVE1 critCVSS 7.6snapdragon (24)
- 24 CVECVSS 5.8android (16) · blockchain keystore (2) · exynos 1480 firmware (2)
- 23 CVE10 critCVSS 8.6PoC 9w18e firmware (9) · ac8 firmware (5) · ac6 firmware (3)
- 22 CVECVSS 4.7PoC 22real estate property management system (9) · job recruitment (3) · blood bank system (3)
- 22 CVE15 critCVSS 9.4NEWPoC 8wegia (22)
- 22 CVECVSS 5.3PoC 15best church management software (8) · best employee management system (4) · employee management system (2)
- 22 CVE15 critCVSS 9.4NEWPoC 8wegia (22)
- 20 CVECVSS 4.0×4.4PoC 18binutils (13) · elfutils (6) · grub2 (1)
- 20 CVE4 critCVSS 7.1PoC 15land record system (9) · online nurse hiring system (4) · daily expense tracker system (2)
- 19 CVE4 critCVSS 7.5Nuclei 1PoC 7dir-853 firmware (7) · dir-853 a1 (7) · dsl-3782 firmware (6)
- 19 CVE1 critCVSS 5.9PoC 12gitlab (19) · gitlab vscode fork (1)
- 19 CVECVSS 4.9PoC 1cuda toolkit (10) · nvidia cuda toolkit (10) · nvjpeg2000 (4)
- 18 CVECVSS 6.5amd ryzen™ 5000 series desktop processor with radeon™ graphics (10) · amd ryzen™ 4000 series mobile processors with radeon™ graphics (10) · amd ryzen™ 7035 series processor with radeon™ graphics (10)
- 18 CVECVSS 7.4NEWNuclei 18ltl freight quotes (13) · small package quotes (5)
- 18 CVE7 critCVSS 7.2PoC 13seacms (18)
- 17 CVECVSS 7.6PoC 1big-ip (14) · big-ip policy enforcement manager (10) · big-ip access policy manager (10)
- 17 CVECVSS 6.5oracle exadata (16) · java se (1)
- 17 CVECVSS 5.9sap netweaver and abap platform (sdccn) (2) · sap netweaver application server java (2) · sap businessobjects business intelligence platform (central management console) (1)
- 16 CVE1 critCVSS 6.6mt6739, mt6761, mt6765, mt6768, mt6771, mt6779, mt6781, mt6785, mt6833, mt6853, mt6873, mt6877, mt6885, mt6893, mt8167, mt8167s, mt8175, mt8185, mt8195, mt8321, mt8362a, mt8365, mt8385, mt8395, mt8666, mt8667, mt8673, mt8675, mt8678, mt8765, mt8766, mt8768, mt8771, mt8775, mt8781, mt8786, mt8788, mt8789, mt8791t, mt8795t, mt8797, mt8798, mt8893 (8) · mt7615, mt7622, mt7663, mt7915, mt7916, mt7981, mt7986 (2) · mt2737, mt6813, mt6835, mt6835t, mt6878, mt6878m, mt6879, mt6886, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8673, mt8676, mt8678, mt8795t, mt8798, mt8863 (1)
- 16 CVECVSS 6.2siplus s7-1200 cpu 1212c dc/dc/dc (4) · siplus s7-1200 cpu 1212 ac/dc/rly (4) · simatic s7-1200 cpu 1211c ac/dc/rly (4)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | linux | 910 | · | · | · | ×3.0PoC 3 | linux kernel (910) · linux (909) | — | |
| 2 | сообщество свободного программного обеспечения | 715 | 14 | 1 | 3 | KEV 1Nuclei 3PoC 18 | linux (625) · debian gnu/linux (346) · xwayland (8) | — | |
| 3 | canonical | 323 | 4 | · | · | PoC 5 | ubuntu (323) · ubuntu linux (1) | — | |
| 4 | redhat | 300 | 2 | · | · | PoC 6 | red hat enterprise linux (280) · red hat enterprise linux 9 (25) · red hat enterprise linux 8 (25) | — | |
| 5 | ооо «русбитех-астра» | 254 | 7 | · | · | PoC 17 | astra linux special edition (252) · astra linux common edition (35) · пк св "брест" (2) | — | |
| 6 | ао "нппкт" | 194 | 7 | · | · | PoC 7 | осон основа оnyx (194) | — | |
| 7 | ооо «ред софт» | 157 | 5 | · | · | PoC 12 | ред ос (157) | — | |
| 8 | ibm | 79 | 2 | · | · | PoC 1 | entirex (13) · applinx (9) · security verify access (8) | — | |
| 9 | microsoft | 74 | 1 | 3 | · | KEV 3PoC 1 | windows server 2025 (server core installation) (37) · windows server 2025 (37) · windows 11 version 24h2 (35) | — | |
| 10 | intel | 65 | · | · | · | 10th generation intel core processor family (8) · 12th generation intel core processor family (8) · intel proset/wireless wifi (7) | — | ||
| 11 | unknown | 64 | · | · | 62 | Nuclei 62PoC 64 | paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content (3) · zarinpal paid download (2) · wp finance (2) | — | |
| 12 | packagist | 60 | 4 | · | 1 | Nuclei 1PoC 3 | magento/community-edition (24) · magento/project-community-edition (24) · leantime/leantime (10) | — | |
| 13 | novell inc. | 56 | 1 | · | · | PoC 5 | suse linux enterprise server (53) · suse linux enterprise server for sap applications (50) · suse linux enterprise high performance computing (37) | — | |
| 14 | ао «ивк» | 56 | 5 | · | · | PoC 5 | альт сп 10 (35) · альт 8 сп (29) | — | |
| 15 | adobe | 51 | 1 | · | · | adobe commerce (31) · adobe commerce b2b (31) · commerce b2b (31) | — | ||
| 16 | 47 | 2 | · | · | PoC 4 | android (26) · google chrome (10) · chrome (9) | — | ||
| 17 | npm | 47 | 5 | · | 3 | Nuclei 3PoC 3 | mongosh (4) · better-auth (3) · @ckeditor/ckeditor5-real-time-collaboration (1) | — | |
| 18 | phpjabbers | 43 | 2 | · | · | PoC 43 | cinema booking system (8) · hotel booking system (5) · restaurant booking system (5) | — | |
| 19 | q-free | 43 | 9 | · | · | NEW | maxtime (43) | — | |
| 20 | ооо «открытая мобильная платформа» | 42 | · | · | · | ×3.0 | ос аврора (40) · аврора центр (2) | — | |
| 21 | go | 35 | 7 | 1 | 4 | KEV 1Nuclei 4PoC 1 | github.com/mattermost/mattermost/server/v8 (4) · github.com/mayswind/ezbookkeeping (2) · github.com/clidey/whodb/core (2) | — | |
| 22 | ао «нтц ит роса» | 32 | · | · | · | PoC 3 | роса хром (16) · rosa virtualization 3.0 (14) · роса кобальт (10) | — | |
| 23 | cisco | 30 | 2 | · | · | PoC 28 | cisco ios xe (8) · ios xe (8) · ios (8) | — | |
| 24 | enituretechnology | 28 | 1 | · | 28 | NEWNuclei 28 | ltl freight quotes – unishippers edition (3) · ltl freight quotes – worldwide express edition (3) · ltl freight quotes – globaltranz edition (2) | — | |
| 25 | ibm corp. | 28 | 1 | · | · | ibm openpages with watson (8) · ibm openpages (8) · cognos controller (7) | — | ||
| 26 | maven | 27 | 3 | 1 | 1 | KEV 1Nuclei 1PoC 3 | org.apache.cassandra:cassandra-all (3) · org.keycloak:keycloak-services (2) · io.netty:netty-common (1) | — | |
| 27 | samsung mobile | 26 | · | · | · | samsung mobile devices (17) · blockchain keystore (2) · samsung email (1) | — | ||
| 28 | pypi | 25 | 6 | · | · | PoC 5 | mobsf (3) · vyper (3) · label-studio (2) | — | |
| 29 | ооо «нцпр» | 25 | 3 | · | · | мсвсфера (25) | — | ||
| 30 | qualcomm | 24 | 1 | · | · | fastconnect 7800 firmware (23) · wcd9380 firmware (20) · fastconnect 6900 firmware (19) | — | ||
| 31 | qualcomm, inc. | 24 | 1 | · | · | snapdragon (24) | — | ||
| 32 | samsung | 24 | · | · | · | android (16) · blockchain keystore (2) · exynos 1480 firmware (2) | — | ||
| 33 | tenda | 23 | 10 | · | · | PoC 9 | w18e firmware (9) · ac8 firmware (5) · ac6 firmware (3) | — | |
| 34 | code-projects | 22 | · | · | · | PoC 22 | real estate property management system (9) · job recruitment (3) · blood bank system (3) | — | |
| 35 | labredescefetrj | 22 | 15 | · | · | NEWPoC 8 | wegia (22) | — | |
| 36 | sourcecodester | 22 | · | · | · | PoC 15 | best church management software (8) · best employee management system (4) · employee management system (2) | — | |
| 37 | wegia | 22 | 15 | · | · | NEWPoC 8 | wegia (22) | — | |
| 38 | gnu | 20 | · | · | · | ×4.4PoC 18 | binutils (13) · elfutils (6) · grub2 (1) | — | |
| 39 | phpgurukul | 20 | 4 | · | · | PoC 15 | land record system (9) · online nurse hiring system (4) · daily expense tracker system (2) | — | |
| 40 | dlink | 19 | 4 | · | 1 | Nuclei 1PoC 7 | dir-853 firmware (7) · dir-853 a1 (7) · dsl-3782 firmware (6) | — | |
| 41 | gitlab | 19 | 1 | · | · | PoC 12 | gitlab (19) · gitlab vscode fork (1) | — | |
| 42 | nvidia | 19 | · | · | · | PoC 1 | cuda toolkit (10) · nvidia cuda toolkit (10) · nvjpeg2000 (4) | — | |
| 43 | amd | 18 | · | · | · | amd ryzen™ 5000 series desktop processor with radeon™ graphics (10) · amd ryzen™ 4000 series mobile processors with radeon™ graphics (10) · amd ryzen™ 7035 series processor with radeon™ graphics (10) | — | ||
| 44 | eniture | 18 | · | · | 18 | NEWNuclei 18 | ltl freight quotes (13) · small package quotes (5) | — | |
| 45 | seacms | 18 | 7 | · | · | PoC 13 | seacms (18) | — | |
| 46 | f5 | 17 | · | · | · | PoC 1 | big-ip (14) · big-ip policy enforcement manager (10) · big-ip access policy manager (10) | — | |
| 47 | oracle | 17 | · | · | · | oracle exadata (16) · java se (1) | — | ||
| 48 | sap_se | 17 | · | · | · | sap netweaver and abap platform (sdccn) (2) · sap netweaver application server java (2) · sap businessobjects business intelligence platform (central management console) (1) | — | ||
| 49 | mediatek, inc. | 16 | 1 | · | · | mt6739, mt6761, mt6765, mt6768, mt6771, mt6779, mt6781, mt6785, mt6833, mt6853, mt6873, mt6877, mt6885, mt6893, mt8167, mt8167s, mt8175, mt8185, mt8195, mt8321, mt8362a, mt8365, mt8385, mt8395, mt8666, mt8667, mt8673, mt8675, mt8678, mt8765, mt8766, mt8768, mt8771, mt8775, mt8781, mt8786, mt8788, mt8789, mt8791t, mt8795t, mt8797, mt8798, mt8893 (8) · mt7615, mt7622, mt7663, mt7915, mt7916, mt7981, mt7986 (2) · mt2737, mt6813, mt6835, mt6835t, mt6878, mt6878m, mt6879, mt6886, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8673, mt8676, mt8678, mt8795t, mt8798, mt8863 (1) | — | ||
| 50 | siemens | 16 | · | · | · | siplus s7-1200 cpu 1212c dc/dc/dc (4) · siplus s7-1200 cpu 1212 ac/dc/rly (4) · simatic s7-1200 cpu 1211c ac/dc/rly (4) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- Operating Systems1,304 CVE64 crit106 KEV40 vendorsCVSS 7.7linux (1534) · linux kernel (910) · debian gnu/linux (346)
- Web & CMS Plugins822 CVE69 crit2 KEV555 vendorsCVSS 7.2wp job portal (7) · wp job portal – ai-powered recruitment system for company or job board website (6) · wp mailster (6)
- Enterprise Software406 CVE657 crit2 KEV111 vendorsCVSS 8.4entirex (13) · glpi (12) · applinx (9)
- OSS Libraries347 CVE46 crit2 KEV92 vendorsCVSS 8.1ffmpeg (14) · binutils (13) · elfutils (13)
- Hardware Firmware211 CVE536 crit36 vendorsCVSS 8.3amd ryzen™ 4000 series desktop processor with radeon™ graphics (10) · amd ryzen™ 4000 series mobile processors with radeon™ graphics (10) · amd ryzen™ 5000 series desktop processor with radeon™ graphics (10)
- Networking Infrastructure203 CVE108 crit32 KEV57 vendorsCVSS 9.1brocade sannav (10) · asyncos (9) · w18e firmware (9)
- Security Products126 CVE24 crit16 KEV59 vendorsCVSS 7.8big-ip (14) · big-ip access policy manager (10) · big-ip policy enforcement manager (10)
- Consumer Software109 CVE29 crit2 KEV34 vendorsCVSS 7.9adobe commerce (55) · adobe commerce b2b (31) · commerce b2b (31)
- ICS / OT / IoT102 CVE87 crit3 KEV44 vendorsCVSS 8.8конфигуратор контроллеров мир (11) · контроллер мир кт-51 (9) · mypro manager (8)
- Cloud & SaaS99 CVE24 crit53 vendorsCVSS 8.1ltl freight quotes (13) · small package quotes (5) · mautic (3)
- Mobile Apps87 CVE3 crit5 KEV8 vendorsCVSS 9.8android (43) · google chrome (10) · harmonyos (10)
- Databases59 CVE1 crit13 vendorsCVSS 6.9oracle exadata (16) · ibm openpages (8) · ibm openpages with watson (8)
- Communications56 CVE14 crit34 vendorsCVSS 7.8mattermost (9) · mattermost server (6) · mastodon (4)
- DevTools & CI53 CVE7 crit19 vendorsCVSS 7.2u-boot (6) · vitest (4) · radare2 (3)
- AI / ML21 CVE8 crit19 vendorsCVSS 8.9label-studio (3) · concorde (2) · label studio (2)
- Unclassified353 CVE27 crit187 vendorsCVSS 6.5maxtime (43) · мсвсфера (25) · cinema booking system (8)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems▸ 5 | 1,304 | 64 | 106 | 40 | 417 | 7.7 | linux (1534) · linux kernel (910) · debian gnu/linux (346) |
| Web & CMS Plugins▸ 6 | 822 | 69 | 2 | 555 | 758 | 7.2 | wp job portal (7) · wp job portal – ai-powered recruitment system for company or job board website (6) · wp mailster (6) |
| Enterprise Software▸ 7 | 406 | 657 | 2 | 111 | 1,293 | 8.4 | entirex (13) · glpi (12) · applinx (9) |
| OSS Libraries▸ 11 | 347 | 46 | 2 | 92 | 264 | 8.1 | ffmpeg (14) · binutils (13) · elfutils (13) |
| Hardware Firmware▸ 5 | 211 | 536 | · | 36 | 1,291 | 8.3 | amd ryzen™ 4000 series desktop processor with radeon™ graphics (10) · amd ryzen™ 4000 series mobile processors with radeon™ graphics (10) · amd ryzen™ 5000 series desktop processor with radeon™ graphics (10) |
| Networking Infrastructure▸ 6 | 203 | 108 | 32 | 57 | 285 | 9.1 | brocade sannav (10) · asyncos (9) · w18e firmware (9) |
| Security Products▸ 6 | 126 | 24 | 16 | 59 | 139 | 7.8 | big-ip (14) · big-ip access policy manager (10) · big-ip policy enforcement manager (10) |
| Consumer Software▸ 5 | 109 | 29 | 2 | 34 | 53 | 7.9 | adobe commerce (55) · adobe commerce b2b (31) · commerce b2b (31) |
| ICS / OT / IoT▸ 6 | 102 | 87 | 3 | 44 | 122 | 8.8 | конфигуратор контроллеров мир (11) · контроллер мир кт-51 (9) · mypro manager (8) |
| Cloud & SaaS▸ 5 | 99 | 24 | · | 53 | 87 | 8.1 | ltl freight quotes (13) · small package quotes (5) · mautic (3) |
| Mobile Apps▸ 3 | 87 | 3 | 5 | 8 | 30 | 9.8 | android (43) · google chrome (10) · harmonyos (10) |
| Databases▸ 4 | 59 | 1 | · | 13 | 30 | 6.9 | oracle exadata (16) · ibm openpages (8) · ibm openpages with watson (8) |
| Communications▸ 4 | 56 | 14 | · | 34 | 76 | 7.8 | mattermost (9) · mattermost server (6) · mastodon (4) |
| DevTools & CI▸ 4 | 53 | 7 | · | 19 | 18 | 7.2 | u-boot (6) · vitest (4) · radare2 (3) |
| AI / ML▸ 5 | 21 | 8 | · | 19 | 20 | 8.9 | label-studio (3) · concorde (2) · label studio (2) |
| Unclassified | 353 | 27 | · | 187 | 225 | 6.5 | maxtime (43) · мсвсфера (25) · cinema booking system (8) |
Which weaknesses hit which solution categories in February 2025
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.