June 2025
June 2025 closed with 3,875 published CVEs — +16.3% YoY . 293 criticals, 20 added to CISA KEV (1 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: phpgurukul at ×14.5 their 12-month median. Top weakness class — CWE-79 (737 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
June 2025 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 4microsoft76 CVE
- KEV 2ооо «русбитех-астра»124 CVE
- KEV 2ао "нппкт"113 CVE
- KEV 2google21 CVE
What's spreading where in June 2025
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — June 2025
Breakout vendors
CVE count ≥3× their own 12-period median.
- 14.5×phpgurukul123 CVE
- 10.8×fabian65 CVE
- 9.0×code-projects153 CVE
- 4.6×debian55 CVE
- 4.4×adobe260 CVE
- 3.5×campcodes21 CVE
- 3.1×totolink78 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #36carmelo22 CVE
- #40drupal21 CVE
- #60freefloat14 CVE
- #61thembay14 CVE
- #62anujk30513 CVE
- #65linksys13 CVE
- #67ооо «увеон»13 CVE
- #69juzaweb12 CVE
- #70preh car connect gmbh (joynext gmbh)12 CVE
- #73saltstack11 CVE
Top vendors
Ranked by distinct CVE count this period.
- 407 CVE21 critCVSS 6.2Nuclei 3PoC 19linux (301) · debian gnu/linux (179) · xwiki platform (9)
- 375 CVECVSS 6.0PoC 2linux (375) · linux kernel (375)
- 260 CVECVSS 5.7×4.4adobe experience manager (229) · experience manager (224) · adobe acrobat document cloud (10)
- 259 CVE7 critCVSS 6.7KEV 1Nuclei 1PoC 5red hat enterprise linux (237) · red hat enterprise linux 9 (28) · red hat enterprise linux 8 (27)
- 154 CVE12 critCVSS 6.4KEV 4Nuclei 3PoC 12ред ос (154)
- 153 CVE1 critCVSS 6.7×9.0Nuclei 1PoC 145inventory management system (20) · simple pizza ordering system (14) · online shoe store (12)
- 145 CVE3 critCVSS 6.2KEV 1Nuclei 1PoC 4ubuntu (143) · cloud-init (2) · authd (1)
- 124 CVE10 critCVSS 6.7KEV 2PoC 10astra linux special edition (121) · astra linux common edition (29) · пк "ald pro" (2)
- 123 CVECVSS 6.2×14.5PoC 112art gallery management system (9) · pre-school enrollment system (9) · complaint management system (9)
- 113 CVE10 critCVSS 6.6KEV 2PoC 9осон основа оnyx (113)
- 78 CVE2 critCVSS 7.9×3.1PoC 65x15 (20) · x15 firmware (20) · ex1200t firmware (19)
- 76 CVE2 critCVSS 7.1KEV 4PoC 3windows server 2025 (server core installation) (43) · windows server 2025 (43) · windows server 2022 (42)
- 76 CVE2 critCVSS 6.1PoC 4platform v sberlinux os server (76)
- 65 CVECVSS 6.5×10.8Nuclei 1PoC 65simple online hotel reservation system (11) · school fees payment system (9) · simple forum (8)
- 64 CVE6 critCVSS 6.6PoC 5альт сп 10 (36) · альт 8 сп (35)
- 58 CVE9 critCVSS 7.3Nuclei 4PoC 5org.geoserver.web:gs-web-app (6) · org.geoserver:gs-wfs (3) · org.apache.tomcat.embed:tomcat-embed-core (3)
- 55 CVE6 critCVSS 6.4×4.6KEV 2Nuclei 2PoC 4debian linux (50) · yubiserver (2) · pdns (1)
- 52 CVECVSS 5.4PoC 50best salon management system (21) · student result management system (10) · simple company website (7)
- 50 CVE4 critCVSS 6.1Nuclei 1PoC 10github.com/filebrowser/filebrowser/v2 (8) · github.com/mattermost/mattermost/server/v8 (7) · github.com/mattermost/mattermost-server (7)
- 49 CVE6 critCVSS 6.4KEV 1Nuclei 1PoC 2opensuse leap (47) · suse linux enterprise server (47) · suse linux enterprise server for sap applications (47)
- 48 CVE3 critCVSS 6.3qradar suite software (5) · infosphere information server (5) · cloud pak for security (5)
- 47 CVE6 critCVSS 6.7PoC 6salt (9) · backend.ai (3) · langchain-chatchat (3)
- 44 CVE7 critCVSS 8.1PoC 33dir-619l firmware (14) · dir-619l (14) · dir-816 firmware (7)
- 41 CVE5 critCVSS 8.0PoC 32dir-619l (14) · dir-816 (6) · di-7300g+ (4)
- 39 CVE3 critCVSS 6.4qradar suite software (5) · ibm cloud pak for security (5) · ibm planning analytics local (4)
- 39 CVE2 critCVSS 6.3KEV 1Nuclei 2PoC 4starcitizentools/citizen-skin (5) · magento/community-edition (5) · magento/project-community-edition (4)
- 39 CVECVSS 8.3PoC 34ac6 firmware (7) · ac5 firmware (5) · ac5 (5)
- 37 CVECVSS 8.2PoC 33ac6 (6) · tenda ac15 (4) · tenda ac9 (4)
- 34 CVE7 critCVSS 6.4Nuclei 1PoC 9erxes (3) · webpack-dev-server (2) · @haxtheweb/haxcms-nodejs (2)
- 30 CVE6 critCVSS 7.3exynos 1480 firmware (9) · exynos 2400 firmware (9) · exynos 2200 firmware (8)
- 28 CVE6 critCVSS 7.9trend micro endpoint encryption (8) · apex central (8) · trend micro apex central (8)
- 28 CVE6 critCVSS 7.9trend micro apex central (8) · trend micro endpoint encryption policy server (8) · trend micro apex one as a service (5)
- 24 CVE2 critCVSS 5.8Nuclei 23PoC 24newsletter (3) · file provider (2) · buddypress docs (1)
- 23 CVECVSS 5.3pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (3)
- 23 CVECVSS 5.3pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (23)
- 22 CVECVSS 6.5NEWPoC 18simple pizza ordering system (14) · traffic offense reporting system (4) · movie ticketing system (2)
- 21 CVE5 critCVSS 7.9Nuclei 1PoC 1cloudstack (5) · kafka (3) · tomcat (3)
- 21 CVE5 critCVSS 8.0Nuclei 1PoC 1apache cloudstack (5) · tomcat (3) · kafka (3)
- 21 CVECVSS 7.3×3.5PoC 21online hospital management system (6) · online teacher record management system (5) · sales and inventory system (5)
- 21 CVECVSS 6.8NEWsimple klaro (2) · quick node block (2) · cookies consent management (2)
- 21 CVE2 critCVSS 6.0PoC 3fedora (19) · fedora epel (12) · nbdkit plugin framework (2)
- 21 CVE1 critCVSS 7.4KEV 2PoC 1google chrome (10) · chrome (10) · android (4)
- 21 CVECVSS 6.3PoC 21best salon management system (21)
- 21 CVECVSS 7.6file station 5 (14) · file station (13) · quts hero (2)
- 20 CVECVSS 5.9PoC 11gitlab (20)
- 20 CVECVSS 5.8field analytics (12) · media server (10) · logistic diagnostic analytics (3)
- 20 CVECVSS 5.8sick field analytics (9) · sick media server (9) · tire analytics (3)
- 20 CVE3 critCVSS 7.1PoC 2мсвсфера (20)
- 19 CVECVSS 5.9PoC 11gitlab (19)
- 18 CVE4 critCVSS 6.4KEV 1Nuclei 1PoC 18cisco unified contact center express (6) · unified contact center express (6) · cisco identity services engine software (5)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 407 | 21 | · | 3 | Nuclei 3PoC 19 | linux (301) · debian gnu/linux (179) · xwiki platform (9) | — | |
| 2 | linux | 375 | · | · | · | PoC 2 | linux (375) · linux kernel (375) | — | |
| 3 | adobe | 260 | · | · | · | ×4.4 | adobe experience manager (229) · experience manager (224) · adobe acrobat document cloud (10) | — | |
| 4 | redhat | 259 | 7 | 1 | 1 | KEV 1Nuclei 1PoC 5 | red hat enterprise linux (237) · red hat enterprise linux 9 (28) · red hat enterprise linux 8 (27) | — | |
| 5 | ооо «ред софт» | 154 | 12 | 4 | 3 | KEV 4Nuclei 3PoC 12 | ред ос (154) | — | |
| 6 | code-projects | 153 | 1 | · | 1 | ×9.0Nuclei 1PoC 145 | inventory management system (20) · simple pizza ordering system (14) · online shoe store (12) | — | |
| 7 | canonical | 145 | 3 | 1 | 1 | KEV 1Nuclei 1PoC 4 | ubuntu (143) · cloud-init (2) · authd (1) | — | |
| 8 | ооо «русбитех-астра» | 124 | 10 | 2 | · | KEV 2PoC 10 | astra linux special edition (121) · astra linux common edition (29) · пк "ald pro" (2) | — | |
| 9 | phpgurukul | 123 | · | · | · | ×14.5PoC 112 | art gallery management system (9) · pre-school enrollment system (9) · complaint management system (9) | — | |
| 10 | ао "нппкт" | 113 | 10 | 2 | · | KEV 2PoC 9 | осон основа оnyx (113) | — | |
| 11 | totolink | 78 | 2 | · | · | ×3.1PoC 65 | x15 (20) · x15 firmware (20) · ex1200t firmware (19) | — | |
| 12 | microsoft | 76 | 2 | 4 | · | KEV 4PoC 3 | windows server 2025 (server core installation) (43) · windows server 2025 (43) · windows server 2022 (42) | — | |
| 13 | ао «сбертех» | 76 | 2 | · | · | PoC 4 | platform v sberlinux os server (76) | — | |
| 14 | fabian | 65 | · | · | 1 | ×10.8Nuclei 1PoC 65 | simple online hotel reservation system (11) · school fees payment system (9) · simple forum (8) | — | |
| 15 | ао «ивк» | 64 | 6 | · | · | PoC 5 | альт сп 10 (36) · альт 8 сп (35) | — | |
| 16 | maven | 58 | 9 | · | 4 | Nuclei 4PoC 5 | org.geoserver.web:gs-web-app (6) · org.geoserver:gs-wfs (3) · org.apache.tomcat.embed:tomcat-embed-core (3) | — | |
| 17 | debian | 55 | 6 | 2 | 2 | ×4.6KEV 2Nuclei 2PoC 4 | debian linux (50) · yubiserver (2) · pdns (1) | — | |
| 18 | sourcecodester | 52 | · | · | · | PoC 50 | best salon management system (21) · student result management system (10) · simple company website (7) | — | |
| 19 | go | 50 | 4 | · | 1 | Nuclei 1PoC 10 | github.com/filebrowser/filebrowser/v2 (8) · github.com/mattermost/mattermost/server/v8 (7) · github.com/mattermost/mattermost-server (7) | — | |
| 20 | novell inc. | 49 | 6 | 1 | 1 | KEV 1Nuclei 1PoC 2 | opensuse leap (47) · suse linux enterprise server (47) · suse linux enterprise server for sap applications (47) | — | |
| 21 | ibm | 48 | 3 | · | · | qradar suite software (5) · infosphere information server (5) · cloud pak for security (5) | — | ||
| 22 | pypi | 47 | 6 | · | · | PoC 6 | salt (9) · backend.ai (3) · langchain-chatchat (3) | — | |
| 23 | dlink | 44 | 7 | · | · | PoC 33 | dir-619l firmware (14) · dir-619l (14) · dir-816 firmware (7) | — | |
| 24 | d-link | 41 | 5 | · | · | PoC 32 | dir-619l (14) · dir-816 (6) · di-7300g+ (4) | — | |
| 25 | ibm corp. | 39 | 3 | · | · | qradar suite software (5) · ibm cloud pak for security (5) · ibm planning analytics local (4) | — | ||
| 26 | packagist | 39 | 2 | 1 | 2 | KEV 1Nuclei 2PoC 4 | starcitizentools/citizen-skin (5) · magento/community-edition (5) · magento/project-community-edition (4) | — | |
| 27 | tenda | 39 | · | · | · | PoC 34 | ac6 firmware (7) · ac5 firmware (5) · ac5 (5) | — | |
| 28 | shenzhen tenda technology co., ltd. | 37 | · | · | · | PoC 33 | ac6 (6) · tenda ac15 (4) · tenda ac9 (4) | — | |
| 29 | npm | 34 | 7 | · | 1 | Nuclei 1PoC 9 | erxes (3) · webpack-dev-server (2) · @haxtheweb/haxcms-nodejs (2) | — | |
| 30 | samsung | 30 | 6 | · | · | exynos 1480 firmware (9) · exynos 2400 firmware (9) · exynos 2200 firmware (8) | — | ||
| 31 | trendmicro | 28 | 6 | · | · | trend micro endpoint encryption (8) · apex central (8) · trend micro apex central (8) | — | ||
| 32 | trend micro, inc. | 28 | 6 | · | · | trend micro apex central (8) · trend micro endpoint encryption policy server (8) · trend micro apex one as a service (5) | — | ||
| 33 | unknown | 24 | 2 | · | 23 | Nuclei 23PoC 24 | newsletter (3) · file provider (2) · buddypress docs (1) | — | |
| 34 | pdf-xchange | 23 | · | · | · | pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (3) | — | ||
| 35 | tracker software products ltd. | 23 | · | · | · | pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (23) | — | ||
| 36 | carmelo | 22 | · | · | · | NEWPoC 18 | simple pizza ordering system (14) · traffic offense reporting system (4) · movie ticketing system (2) | — | |
| 37 | apache | 21 | 5 | · | 1 | Nuclei 1PoC 1 | cloudstack (5) · kafka (3) · tomcat (3) | — | |
| 38 | apache software foundation | 21 | 5 | · | 1 | Nuclei 1PoC 1 | apache cloudstack (5) · tomcat (3) · kafka (3) | — | |
| 39 | campcodes | 21 | · | · | · | ×3.5PoC 21 | online hospital management system (6) · online teacher record management system (5) · sales and inventory system (5) | — | |
| 40 | drupal | 21 | · | · | · | NEW | simple klaro (2) · quick node block (2) · cookies consent management (2) | — | |
| 41 | fedora project | 21 | 2 | · | · | PoC 3 | fedora (19) · fedora epel (12) · nbdkit plugin framework (2) | — | |
| 42 | 21 | 1 | 2 | · | KEV 2PoC 1 | google chrome (10) · chrome (10) · android (4) | — | ||
| 43 | mayurik | 21 | · | · | · | PoC 21 | best salon management system (21) | — | |
| 44 | qnap | 21 | · | · | · | file station 5 (14) · file station (13) · quts hero (2) | — | ||
| 45 | gitlab | 20 | · | · | · | PoC 11 | gitlab (20) | — | |
| 46 | sick | 20 | · | · | · | field analytics (12) · media server (10) · logistic diagnostic analytics (3) | — | ||
| 47 | sick ag | 20 | · | · | · | sick field analytics (9) · sick media server (9) · tire analytics (3) | — | ||
| 48 | ооо «нцпр» | 20 | 3 | · | · | PoC 2 | мсвсфера (20) | — | |
| 49 | gitlab inc. | 19 | · | · | · | PoC 11 | gitlab (19) | — | |
| 50 | cisco | 18 | 4 | 1 | 1 | KEV 1Nuclei 1PoC 18 | cisco unified contact center express (6) · unified contact center express (6) · cisco identity services engine software (5) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- Web & CMS Plugins1,052 CVE86 crit502 vendorsCVSS 7.8best salon management system (21) · inventory management system (20) · dm corporative cms (18)
- Operating Systems734 CVE286 crit197 KEV51 vendorsCVSS 7.1linux (676) · linux kernel (375) · red hat enterprise linux (237)
- Enterprise Software441 CVE50 crit5 KEV108 vendorsCVSS 7.4art gallery management system (9) · complaint management system (9) · pre-school enrollment system (9)
- OSS Libraries420 CVE73 crit1 KEV123 vendorsCVSS 8.7geoserver (12) · deno (8) · cpython (6)
- Consumer Software382 CVE20 crit2 KEV45 vendorsCVSS 8.1adobe experience manager (447) · experience manager (224) · pdf-tools (46)
- Networking Infrastructure328 CVE162 crit8 KEV71 vendorsCVSS 9.8x15 (20) · x15 firmware (20) · ex1200t (19)
- Hardware Firmware212 CVE680 crit389 KEV64 vendorsCVSS 7.9volkswagen mib3 infotainment system mib3 oi mqb (12) · qcs-ax2-a12 firmware (8) · qcs-ax2-s5 firmware (8)
- ICS / OT / IoT149 CVE85 crit58 vendorsCVSS 8.4field analytics (15) · media server (11) · sick field analytics (9)
- Security Products132 CVE34 crit69 vendorsCVSS 7.7trend micro apex central (16) · apex one (9) · apex central (8)
- Cloud & SaaS121 CVE16 crit8 KEV55 vendorsCVSS 7.6диспетчер подключений виртуальных рабочих мест термидеск (13) · salt (11) · vmware nsx (9)
- Mobile Apps70 CVE11 crit15 KEV10 vendorsCVSS 9.8android (12) · harmonyos (11) · chrome (10)
- Databases64 CVE5 crit16 vendorsCVSS 7.8ibm cloud pak for security (5) · qradar suite software (5) · cognos analytics (4)
- DevTools & CI64 CVE5 crit23 vendorsCVSS 9.8gitlab (39) · git-annex (2) · gogs (2)
- Communications53 CVE23 crit4 KEV33 vendorsCVSS 7.7011209 sip emergency intercom (5) · 011209 sip emergency intercom firmware (4) · cyberdata 011209 sip emergency intercom (4)
- AI / ML41 CVE9 crit36 vendorsCVSS 7.3fastgpt (4) · llama.cpp (4) · backendai (3)
- Unclassified363 CVE41 crit186 vendorsCVSS 6.8мсвсфера (20) · dir-619l (14) · blogbook (8)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins▸ 6 | 1,052 | 86 | · | 502 | 746 | 7.8 | best salon management system (21) · inventory management system (20) · dm corporative cms (18) |
| Operating Systems▸ 5 | 734 | 286 | 197 | 51 | 389 | 7.1 | linux (676) · linux kernel (375) · red hat enterprise linux (237) |
| Enterprise Software▸ 7 | 441 | 50 | 5 | 108 | 321 | 7.4 | art gallery management system (9) · complaint management system (9) · pre-school enrollment system (9) |
| OSS Libraries▸ 11 | 420 | 73 | 1 | 123 | 354 | 8.7 | geoserver (12) · deno (8) · cpython (6) |
| Consumer Software▸ 5 | 382 | 20 | 2 | 45 | 88 | 8.1 | adobe experience manager (447) · experience manager (224) · pdf-tools (46) |
| Networking Infrastructure▸ 6 | 328 | 162 | 8 | 71 | 330 | 9.8 | x15 (20) · x15 firmware (20) · ex1200t (19) |
| Hardware Firmware▸ 5 | 212 | 680 | 389 | 64 | 1,798 | 7.9 | volkswagen mib3 infotainment system mib3 oi mqb (12) · qcs-ax2-a12 firmware (8) · qcs-ax2-s5 firmware (8) |
| ICS / OT / IoT▸ 6 | 149 | 85 | · | 58 | 214 | 8.4 | field analytics (15) · media server (11) · sick field analytics (9) |
| Security Products▸ 6 | 132 | 34 | · | 69 | 120 | 7.7 | trend micro apex central (16) · apex one (9) · apex central (8) |
| Cloud & SaaS▸ 5 | 121 | 16 | 8 | 55 | 112 | 7.6 | диспетчер подключений виртуальных рабочих мест термидеск (13) · salt (11) · vmware nsx (9) |
| Mobile Apps▸ 3 | 70 | 11 | 15 | 10 | 49 | 9.8 | android (12) · harmonyos (11) · chrome (10) |
| Databases▸ 5 | 64 | 5 | · | 16 | 42 | 7.8 | ibm cloud pak for security (5) · qradar suite software (5) · cognos analytics (4) |
| DevTools & CI▸ 5 | 64 | 5 | · | 23 | 23 | 9.8 | gitlab (39) · git-annex (2) · gogs (2) |
| Communications▸ 4 | 53 | 23 | 4 | 33 | 43 | 7.7 | 011209 sip emergency intercom (5) · 011209 sip emergency intercom firmware (4) · cyberdata 011209 sip emergency intercom (4) |
| AI / ML▸ 4 | 41 | 9 | · | 36 | 35 | 7.3 | fastgpt (4) · llama.cpp (4) · backendai (3) |
| Unclassified | 363 | 41 | · | 186 | 238 | 6.8 | мсвсфера (20) · dir-619l (14) · blogbook (8) |
Which weaknesses hit which solution categories in June 2025
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.