April 2025
April 2025 closed with 4,282 published CVEs, +13.6% YoY. 330 criticals, 15 added to CISA KEV (4 ransomware-linked). The vendor сообщество свободного программного обеспечения (free software community) led volume, mostly via linux. Biggest breakout: ао «сбертех» at ×11.1 their 12-month median. Top weakness class: CWE-79 (796 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
What's spreading where in April 2025
Cells shaded by share of vendor's hottest weakness.
Breakout vendors
CVE count ≥3× their own 12-period median.
- 11.1× ао «сбертех»: 122 CVE
- 9.0× code-projects: 63 CVE
- 6.4× phpgurukul: 83 CVE
- 4.7× hcltech: 28 CVE
- 3.5× hcl software: 30 CVE
- 3.4× мартин догиамас: 17 CVE
- 3.4× siemens: 81 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #28 growatt: 30 CVE
- #37 pcman: 24 CVE
- #41 codeprojects: 20 CVE
- #47 larry gritz: 19 CVE
- #49 gnome foundation: 18 CVE
- #53 мартин догиамас: 17 CVE
- #56 bosch rexroth ag: 15 CVE
- #63 senior-walter: 14 CVE
- #65 the wikimedia foundation: 14 CVE
- #66 ооо «датэкс софтвер»: 14 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения (free software community) | 390 | 16 | 6.1 | 2 | 5 | KEV 2 · Nuclei 5 · PoC 27 | linux (268) · debian gnu/linux (142) · xwiki platform (10) | — |
| 2 | ооо «русбитех-астра» | 283 | 4 | 6.0 | 1 | 1 | KEV 1 · Nuclei 1 · PoC 10 | astra linux special edition (282) · astra linux common edition (48) · пк "ald pro" (1) | — |
| 3 | linux | 280 | · | 5.9 | · | · | PoC 1 | linux (280) · linux kernel (280) | — |
| 4 | ооо «ред софт» | 239 | 7 | 6.1 | 1 | 2 | KEV 1 · Nuclei 2 · PoC 16 | ред ос (239) | — |
| 5 | ао "нппкт" | 222 | 5 | 6.2 | 1 | 1 | KEV 1 · Nuclei 1 · PoC 11 | осон основа оnyx (222) | — |
| 6 | microsoft | 146 | 2 | 7.5 | 1 | · | KEV 1 · PoC 2 | windows server 2025 (83) · windows server 2025 (server core installation) (82) · windows server 2022 (76) | — |
| 7 | redhat | 130 | 3 | 6.5 | · | · | PoC 12 | red hat enterprise linux (115) · red hat enterprise linux 8 (28) · red hat enterprise linux 9 (28) | — |
| 8 | ао «сбертех» | 122 | 2 | 6.0 | · | · | ×11.1 · PoC 4 | platform v sberlinux os server (122) | — |
| 9 | ао «ивк» | 104 | 3 | 6.0 | · | · | PoC 3 | альт сп 10 (94) · альт 8 сп (22) | — |
| 10 | canonical | 95 | · | 6.0 | · | · | PoC 5 | ubuntu (92) · mysql-k8s-operator (1) · ubuntu linux (1) | — |
| 11 | phpgurukul | 83 | 5 | 7.1 | · | · | ×6.4 · PoC 72 | men salon management system (14) · covid19 testing management system (10) · park ticketing management system (8) | — |
| 12 | siemens | 81 | 8 | 8.7 | · | · | ×3.4 | telecontrol server basic (68) · sentron 7kt pac1260 (9) · sentron 7kt pac1260 data manager (9) | — |
| 13 | oracle | 73 | 1 | 5.9 | · | · | PoC 1 | mysql server (27) · mysql cluster (6) · e-business suite (5) | — |
| 14 | code-projects | 63 | · | 6.1 | · | · | ×9.0 · PoC 63 | patient record management system (13) · online restaurant management system (13) · blood bank management system (5) | — |
| 15 | packagist | 59 | 8 | 6.2 | 2 | 7 | KEV 2 · Nuclei 7 · PoC 10 | moodle/moodle (16) · yeswiki/yeswiki (8) · shopware/platform (5) | — |
| 16 | go | 56 | 7 | 6.3 | · | 1 | Nuclei 1 · PoC 2 | github.com/mattermost/mattermost/server/v8 (13) · github.com/rancher/rancher (9) · github.com/osrg/gobgp/v3 (4) | — |
| 17 | maven | 56 | 10 | 6.7 | · | 5 | Nuclei 5 · PoC 10 | org.keycloak:keycloak-services (4) · org.opencms:opencms-core (3) · org.elasticsearch:elasticsearch (2) | — |
| 18 | adobe | 52 | 4 | 6.5 | · | · | · | coldfusion (15) · framemaker (10) · adobe framemaker (10) | — |
| 19 | novell inc. | 52 | 2 | 6.4 | · | · | PoC 9 | suse linux enterprise server (46) · suse linux enterprise server for sap applications (45) · opensuse leap (44) | — |
| 20 | npm | 47 | 2 | 6.3 | · | 2 | Nuclei 2 · PoC 4 | tarteaucitronjs (3) · react-router (2) · mathlive (2) | — |
| 21 | totolink | 47 | 11 | 7.6 | · | · | PoC 33 | a810r firmware (12) · a810r (12) · a3100r (11) | — |
| 22 | ibm | 36 | 1 | 5.6 | · | · | · | aspera console (6) · txseries for multiplatforms (4) · infosphere information server (3) | — |
| 23 | pypi | 36 | 11 | 7.4 | 1 | 1 | KEV 1 · Nuclei 1 · PoC 5 | vllm (5) · picklescan (4) · langflow (2) | — |
| 24 | sourcecodester | 35 | · | 5.5 | · | · | PoC 34 | web-based pharmacy product management system (15) · online eyewear shop (5) · apartment visitor management system (5) | — |
| 25 | qualcomm | 34 | · | 7.1 | · | · | · | wcd9380 firmware (28) · fastconnect 6900 firmware (28) · fastconnect 7800 firmware (26) | — |
| 26 | qualcomm, inc. | 34 | · | 7.4 | · | · | · | snapdragon (34) | — |
| 27 | unknown | 32 | 1 | 5.5 | · | 31 | Nuclei 31 · PoC 32 | ultimate dashboard (3) · wp multitasking (2) · user registration & membership (2) | — |
| 28 | growatt | 30 | 2 | 5.9 | · | · | NEW | cloud portal (30) | — |
| 29 | hcl software | 30 | · | 5.0 | · | · | ×3.5 | hcl leap (10) · hcl domino leap (6) · hcl bigfix platform (3) | — |
| 30 | hcltech | 28 | · | 5.0 | · | · | ×4.7 | hcl leap (10) · domino leap (9) · bigfix platform (3) | — |
| 31 | oretnom23 | 28 | 5 | 6.7 | · | · | PoC 24 | online id generator system (7) · online eyewear shop (5) · apartment visitor management system (5) | — |
| 32 |  | 27 | · | 7.2 | · | · | PoC 3 | chrome (13) · google chrome (11) · chrome os (8) | — |
| 33 | apple | 26 | 2 | 6.9 | 2 | · | KEV 2 · PoC 4 | macos (22) · iphone os (20) · ipados (20) | — |
| 34 | dell | 26 | 1 | 6.7 | · | · | · | powerscale onefs (6) · wyse management suite (5) · powerprotect data manager (3) | — |
| 35 | mozilla | 26 | 1 | 6.9 | · | · | · | thunderbird (24) · firefox (22) · firefox esr (10) | — |
| 36 | crates.io | 24 | 1 | 6.9 | · | · | · | surrealdb (8) · apollo-router (4) · gix-config (1) | — |
| 37 | pcman | 24 | · | 7.3 | · | · | NEW · PoC 23 | ftp server (24) | — |
| 38 | tenda | 24 | 5 | 8.0 | · | · | PoC 17 | ac10 firmware (7) · w12 firmware (5) · w12 (5) | — |
| 39 | juniper | 21 | · | 6.6 | · | · | PoC 21 | junos (21) · junos os evolved (9) | — |
| 40 | juniper networks | 21 | · | 6.6 | · | · | PoC 21 | junos (21) · junos os (21) · junos os evolved (9) | — |
| 41 | codeprojects | 20 | · | 7.0 | · | · | NEW · PoC 20 | online restaurant management system (16) · news publishing site dashboard (2) · patient record management system (1) | — |
| 42 | huawei | 20 | · | 7.1 | · | · | · | harmonyos (20) · emui (6) | — |
| 43 | sap | 20 | 4 | 6.5 | 1 | 1 | KEV 1 · Nuclei 1 | sap netweaver (3) · sap s/4 hana (2) · sap commerce cloud (2) | — |
| 44 | sap_se | 20 | 4 | 6.4 | 1 | 1 | KEV 1 · Nuclei 1 | sap businessobjects business intelligence platform (1) · sap capital yield tax management (1) · sap commerce cloud (1) | — |
| 45 | apache | 19 | 4 | 7.5 | · | 1 | Nuclei 1 · PoC 2 | tomcat (2) · activemq artemis (2) · http server (1) | — |
| 46 | apache software foundation | 19 | 4 | 7.6 | · | 1 | Nuclei 1 · PoC 2 | apache tomcat (2) · apache activemq artemis (2) · pinot (2) | — |
| 47 | larry gritz | 19 | 3 | 7.4 | · | · | NEW | openimageio (19) | — |
| 48 | drupal | 18 | · | 6.0 | · | · | · | sportsleague (1) · stage file proxy (1) · ueditor - 百度编辑器 (1) | — |
| 49 | gnome foundation | 18 | 1 | 6.6 | · | · | NEW · PoC 1 | libsoup (18) | — |
| 50 | moodle | 17 | · | 5.5 | · | · | · | moodle (17) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 1,321 | 124 | 3 | 770 | 1,029 | 7.3 | webinarpress (6) · front end users (5) · royal elementor addons (5) |
| Operating Systems | 779 | 100 | 66 | 39 | 558 | 7.5 | linux (548) · astra linux special edition (282) · linux kernel (280) |
| Enterprise Software | 581 | 126 | 11 | 146 | 617 | 8.4 | hcl leap (20) · zabbix (10) · domino leap (9) |
| OSS Libraries | 466 | 75 | 8 | 109 | 336 | 8.7 | openimageio (19) · libsoup (18) · assimp (12) |
| Networking Infrastructure | 234 | 131 | 24 | 61 | 251 | 8.2 | junos (42) · junos os evolved (27) · junos os (21) |
| Consumer Software | 140 | 13 | · | 46 | 100 | 7.7 | coldfusion (30) · adobe framemaker (20) · adobe commerce (10) |
| Cloud & SaaS | 137 | 10 | 5 | 67 | 92 | 7.4 | cloud portal (30) · chainmaker-go (2) · libsnowflakeclient (2) |
| Databases | 128 | 15 | · | 31 | 110 | 8.6 | mysql server (70) · mysql cluster (16) · jd edwards enterpriseone tools (9) |
| Hardware Firmware | 123 | 13 | · | 33 | 902 | 8.1 | fastconnect 6900 firmware (28) · wcd9380 firmware (28) · fastconnect 7800 firmware (26) |
| ICS / OT / IoT | 101 | 50 | 3 | 42 | 211 | 7.5 | ctrlx os (13) · ctrlx os - device admin (12) · arena (11) |
| Security Products | 99 | 16 | 6 | 53 | 95 | 7.7 | endpoint manager (6) · fortios (4) · fortiweb (4) |
| Mobile Apps | 92 | 25 | 23 | 11 | 32 | 8.0 | android (24) · harmonyos (20) · chrome (13) |
| Communications | 89 | 8 | 3 | 34 | 63 | 8.1 | ftp server (24) · crushftp (3) · gnu mailman (2) |
| DevTools & CI | 64 | 7 | · | 26 | 49 | 6.9 | gitlab (16) · github enterprise server (4) · enterprise server (3) |
| AI / ML | 43 | 10 | 2 | 30 | 29 | 8.5 | vllm (7) · dify (6) · bentoml (2) |
| Unclassified | 381 | 29 | · | 267 | 280 | 6.5 | novel-plus (13) · iksoris (11) · jsite (8) |
Which weaknesses hit which solution categories in April 2025
Cells shaded by share of the sector's hottest weakness.