July 2025
July 2025 closed with 4,086 published CVEs — +25.8% YoY. 368 criticals, 20 added to CISA KEV (4 ransomware-linked). The vendor entry сообщество свободного программного обеспечения ("free software community") led volume, mostly via linux. Biggest breakout: debian at ×40.2 their 12-month median. Top weakness class — CWE-79 (483 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
July 2025 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 3 · ооо «русбитех-астра» · 372 CVE
- KEV 3 · ао "нппкт" · 236 CVE
- KEV 3 · debian · 201 CVE
- KEV 3 · apple · 85 CVE
- KEV 2 · ао «сбертех» · 228 CVE
- KEV 2 · ао «ивк» · 178 CVE
- KEV 1 · linux · 401 CVE
What's spreading where in July 2025
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — July 2025
Breakout vendors
CVE count ≥3× their own 12-period median.
- 40.2× · debian · 201 CVE
- 21.5× · phpgurukul · 86 CVE
- 18.2× · irfanview · 91 CVE
- 14.7× · code-projects · 154 CVE
- 10.8× · campcodes · 65 CVE
- 4.5× · fabian · 36 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #13 · cadsofttools · 91 CVE
- #14 · irfanview · 91 CVE
- #27 · irfan skiljan · 42 CVE
- #29 · anisha · 37 CVE
- #36 · labredescefetrj · 31 CVE
- #37 · wegia · 31 CVE
- #39 · wikimedia foundation · 30 CVE
- #47 · samsung electronics · 25 CVE
- #50 · carmelo · 24 CVE
- #57 · huawei technologies co., ltd. · 20 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 536 | 18 | 1 | 2 | 6.3 | KEV 1 · Nuclei 2 · PoC 26 | linux (406) · debian gnu/linux (140) · gpac (22) | — |
| 2 | linux | 401 | · | 1 | · | 6.1 | KEV 1 · PoC 1 | linux (401) · linux kernel (401) | — |
| 3 | ооо «ред софт» | 395 | 6 | 3 | 2 | 6.3 | KEV 3 · Nuclei 2 · PoC 15 | ред ос (395) | — |
| 4 | ооо «русбитех-астра» | 372 | 8 | 3 | · | 6.5 | KEV 3 · PoC 11 | astra linux special edition (372) · astra linux common edition (47) | — |
| 5 | redhat | 294 | 2 | · | · | 6.3 | PoC 7 | red hat enterprise linux (275) · red hat enterprise linux 8 (19) · red hat enterprise linux 9 (19) | — |
| 6 | ао "нппкт" | 236 | 6 | 3 | · | 6.4 | KEV 3 · PoC 7 | осон основа оnyx (236) | — |
| 7 | ао «сбертех» | 228 | 3 | 2 | · | 6.2 | KEV 2 · PoC 5 | platform v sberlinux os server (228) | — |
| 8 | debian | 201 | · | 3 | · | 6.2 | ×40.2 · KEV 3 · PoC 1 | debian linux (200) · dpkg (1) | — |
| 9 | ао «ивк» | 178 | 8 | 2 | · | 6.5 | KEV 2 · PoC 7 | альт 8 сп (131) · альт сп 10 (53) | — |
| 10 | code-projects | 154 | · | · | · | 7.0 | ×14.7 · PoC 154 | exam form submission (20) · online appointment booking system (14) · church donation system (14) | — |
| 11 | microsoft | 149 | 5 | 4 | 3 | 7.6 | KEV 4 · Nuclei 3 · PoC 4 | windows server 2025 (server core installation) (97) · windows server 2025 (97) · windows server 2022 23h2 (94) | — |
| 12 | canonical | 118 | 2 | · | · | 6.4 | PoC 6 | ubuntu (112) · juju (3) · juju/utils (1) | — |
| 13 | cadsofttools | 91 | · | · | · | 7.8 | NEW | cadimage (91) | — |
| 14 | irfanview | 91 | · | · | · | 7.8 | NEW · ×18.2 | irfanview (91) | — |
| 15 | phpgurukul | 86 | · | · | 1 | 5.8 | ×21.5 · Nuclei 1 · PoC 84 | vehicle parking management system (13) · apartment visitors management system (9) · online fire reporting system (9) | — |
| 16 | apple | 85 | 25 | 3 | · | 7.2 | KEV 3 | macos (78) · ipados (29) · iphone os (25) | — |
| 17 | oracle | 85 | 1 | · | · | 5.9 | · | mysql server (29) · mysql (28) · e-business suite (9) | — |
| 18 | adobe | 73 | 3 | · | 1 | 6.8 | Nuclei 1 | adobe framemaker (15) · framemaker (15) · coldfusion (13) | — |
| 19 | maven | 69 | 6 | · | 1 | 6.7 | Nuclei 1 · PoC 1 | org.glassfish.main.admingui:console-common (5) · org.keycloak:keycloak-services (4) · org.jenkins-ci.plugins:applitools-eyes (3) | — |
| 20 | novell inc. | 68 | 2 | · | · | 6.3 | PoC 8 | opensuse leap (61) · suse linux enterprise server (60) · suse linux enterprise server for sap applications (59) | — |
| 21 | campcodes | 65 | · | · | · | 6.9 | ×10.8 · PoC 63 | employee management system (10) · payroll management system (9) · courier management system (8) | — |
| 22 | tenda | 63 | · | · | · | 8.5 | PoC 54 | fh451 firmware (15) · fh451 (15) · o3v2 (10) | — |
| 23 | npm | 59 | 4 | 1 | 2 | 6.9 | KEV 1 · Nuclei 2 · PoC 7 | @haxtheweb/haxcms-nodejs (6) · directus (4) · @finos/git-proxy (4) | — |
| 24 | shenzhen tenda technology co., ltd. | 57 | · | · | · | 8.5 | PoC 49 | tenda fh451 (14) · tenda o3 (10) · tenda fh1201 (8) | — |
| 25 | ibm | 54 | · | · | · | 6.1 | · | db2 (8) · openpages with watson (6) · cognos analytics mobile (4) | — |
| 26 | pypi | 51 | 5 | · | 1 | 7.0 | Nuclei 1 · PoC 18 | transformers (5) · pyload-ng (5) · openexr (3) | — |
| 27 | irfan skiljan | 42 | · | · | · | 7.7 | NEW | irfanview (42) | — |
| 28 | samsung | 41 | 12 | · | · | 7.9 | · | magicinfo 9 server (18) · android (12) · data management server firmware (6) | — |
| 29 | anisha | 37 | · | · | · | 7.3 | NEW · PoC 37 | online appointment booking system (14) · job diary (5) · jonnys liquor (3) | — |
| 30 | crates.io | 36 | · | · | · | 4.1 | · | sequoia-openpgp (4) · cosmwasm-std (2) · curve25519-dalek (2) | — |
| 31 | fabian | 36 | · | · | · | 6.5 | ×4.5 · PoC 36 | online ordering system (7) · voting system (7) · chat system (5) | — |
| 32 | go | 34 | 7 | · | 2 | 7.3 | Nuclei 2 · PoC 4 | github.com/mattermost/mattermost/server/v8 (3) · github.com/lf-edge/ekuiper/v2 (3) · github.com/mattermost/mattermost-server (3) | — |
| 33 | totolink | 33 | 3 | · | · | 8.1 | PoC 30 | t6 firmware (13) · t6 (13) · a702r firmware (6) | — |
| 34 | jenkins | 32 | · | · | · | 5.9 | · | jenkins applitools eyes plugin (3) · applitools eyes (3) · jenkins readyapi functional testing plugin (2) | — |
| 35 | ibm corp. | 31 | · | · | · | 5.9 | · | ibm db2 connect server (8) · ibm db2 (8) · ibm openpages (5) | — |
| 36 | labredescefetrj | 31 | 3 | · | · | 7.1 | NEW · PoC 15 | wegia (31) | — |
| 37 | wegia | 31 | 3 | · | · | 7.1 | NEW · PoC 15 | wegia (31) | — |
| 38 | cd foundation | 30 | · | · | · | 5.9 | · | applitools eyes (3) · apica loadtest (2) · dead man's snitch (2) | — |
| 39 | wikimedia foundation | 30 | 3 | · | · | 6.4 | NEW · PoC 1 | mediawiki - abusefilter extension (3) · mediawiki - checkuser extension (3) · mediawiki - securepoll extension (3) | — |
| 40 | sap | 29 | 5 | · | · | 6.1 | · | sap netweaver (4) · sap business warehouse (4) · sapcar (4) | — |
| 41 | dlink | 28 | 3 | · | · | 7.3 | PoC 24 | dir-513 (7) · di-8100 firmware (6) · dir-513 firmware (6) | — |
| 42 | sap_se | 28 | 5 | · | · | 6.1 | · | sapcar (4) · sap netweaver application server for abap (2) · sap businessobjects content administrator workbench (1) | — |
| 43 | qualcomm | 26 | 1 | · | · | 7.4 | · | fastconnect 7800 firmware (24) · wcd9380 firmware (22) · fastconnect 6900 firmware (22) | — |
| 44 | qualcomm, inc. | 26 | 1 | · | · | 7.6 | · | snapdragon (26) | — |
| 45 | d-link | 25 | 3 | · | · | 7.9 | PoC 21 | dir-513 (7) · di-8100 (6) · di-500wf (1) | — |
| 46 | packagist | 25 | 5 | 1 | 2 | 7.6 | KEV 1 · Nuclei 2 · PoC 9 | starcitizentools/citizen-skin (2) · codeigniter4/framework (2) · elmsln/haxcms (2) | — |
| 47 | samsung electronics | 25 | 11 | · | · | 8.4 | NEW | magicinfo 9 server (18) · data management server (5) · wlan ap wea453e (1) | — |
| 48 | apache | 24 | 1 | · | · | 7.2 | PoC 1 | http server (9) · tomcat (3) · jspwiki (2) | — |
| 49 | apache software foundation | 24 | 1 | · | · | 7.2 | PoC 1 | http server (9) · apache http server (9) · tomcat (3) | — |
| 50 | carmelo | 24 | · | · | · | 6.9 | NEW · PoC 24 | church donation system (14) · food ordering review system (3) · simple pizza ordering system (3) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems | 908 | 171 | 44 | 38 | 429 | 8.8 | linux (807) · linux kernel (401) · ред ос (395) |
| Web & CMS Plugins | 843 | 93 | 1 | 373 | 555 | 7.5 | exam form submission (20) · http server (18) · church donation system (14) |
| Enterprise Software | 517 | 51 | 1 | 143 | 567 | 8.0 | poly clariti manager (20) · glpi (16) · db2 (8) |
| OSS Libraries | 434 | 51 | 13 | 113 | 351 | 7.6 | imagemagick (8) · axiom axiomjdk (7) · gnutls (7) |
| Consumer Software | 353 | 41 | 1 | 41 | 328 | 8.5 | cadimage (91) · adobe framemaker (30) · coldfusion (26) |
| Networking Infrastructure | 325 | 121 | 11 | 78 | 359 | 8.5 | junos (42) · junos os evolved (36) · junos os (21) |
| ICS / OT / IoT | 259 | 107 | · | 75 | 529 | 8.1 | endress+hauser meac300-fnade4 (19) · meac300-fnade4 firmware (19) · charx sec-3000 (18) |
| Mobile Apps | 172 | 106 | 17 | 14 | 55 | 7.2 | macos (117) · ipados (50) · visionos (35) |
| Hardware Firmware | 166 | 243 | · | 41 | 1,167 | 7.6 | qconvergeconsole (16) · mt6890, mt7615, mt7622, mt7663, mt7915, mt7916, mt7981, mt7986 (7) · 3rd gen amd epyc (4) |
| Security Products | 152 | 18 | 1 | 75 | 134 | 7.0 | conjur (5) · blitz identity provider (4) · onelogin active directory connector (adc) (3) |
| Databases | 145 | 7 | · | 20 | 96 | 6.6 | mysql server (51) · mysql (37) · vm virtualbox (14) |
| DevTools & CI | 103 | 6 | 5 | 35 | 83 | 7.0 | applitools eyes (6) · apica loadtest (4) · nouvola divecloud (4) |
| Cloud & SaaS | 97 | 45 | 1 | 52 | 79 | 7.7 | tableau server (8) · studentmanage (5) · n8n (4) |
| AI / ML | 72 | 21 | · | 32 | 41 | 8.2 | gpt-sovits (9) · gpt-sovits-webui (9) · llamaindex (8) |
| Communications | 58 | 5 | 1 | 31 | 63 | 7.3 | clariti manager (7) · zoom (4) · avid nexis e-series (3) |
| Unclassified | 341 | 67 | 2 | 184 | 211 | 7.2 | мсвсфера (22) · online appointment booking system (14) · quiter gateway (11) |
Which weaknesses hit which solution categories in July 2025
Cells shaded by share of the sector's hottest weakness.