August 2025
August 2025 closed with 3,871 published CVEs — +28.0% YoY . 343 criticals, 15 added to CISA KEV. сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: debian at ×6.4 their 12-month median. Top weakness class — CWE-79 (570 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
August 2025 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1adobe79 CVE
What's spreading where in August 2025
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — August 2025
Breakout vendors
CVE count ≥3× their own 12-period median.
- 6.4×debian77 CVE
- 3.9×nvidia43 CVE
- 3.7×huawei52 CVE
- 3.7×hcl software11 CVE
- 3.3×fabian20 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #21linksys50 CVE
- #23portabilis48 CVE
- #29linksys holdings, inc.37 CVE
- #35jvckenwood29 CVE
- #36kenwood29 CVE
- #37admerc28 CVE
- #40anisha24 CVE
- #53zoneland19 CVE
- #54cgm17 CVE
- #63atjiu13 CVE
Top vendors
Ranked by distinct CVE count this period.
- 276 CVE10 critCVSS 6.3Nuclei 4PoC 26linux (187) · debian gnu/linux (85) · gpac (21)
- 238 CVE9 critCVSS 6.1PoC 24ред ос (238) · ред база данных (9)
- 186 CVECVSS 6.1PoC 7linux (186) · linux kernel (186)
- 168 CVE3 critCVSS 6.4PoC 19astra linux special edition (167) · astra linux common edition (30)
- 124 CVE8 critCVSS 7.5PoC 5windows server 2025 (server core installation) (68) · windows server 2025 (68) · windows server 2022, 23h2 edition (server core installation) (63)
- 103 CVE3 critCVSS 6.1PoC 11альт сп 10 (84) · альт 8 сп (47)
- 81 CVE10 critCVSS 6.3Nuclei 4PoC 5com.liferay.portal:release.portal.bom (20) · org.pytorch:executorch-android (5) · com.liferay.portal:release.dxp.bom (5)
- 79 CVE1 critCVSS 6.8KEV 1PoC 1adobe indesign (15) · indesign (14) · indesign desktop (14)
- 79 CVE2 critCVSS 6.0PoC 10red hat enterprise linux (62) · red hat enterprise linux 9 (8) · red hat enterprise linux 8 (7)
- 77 CVE1 critCVSS 6.3×6.4PoC 5debian linux (76) · devscripts (1)
- 75 CVE6 critCVSS 6.0PoC 3github.com/mattermost/mattermost-plugin-confluence (13) · github.com/mattermost/mattermost/server/v8 (9) · github.com/mattermost/mattermost-server (9)
- 75 CVE9 critCVSS 7.5PoC 9picklescan (29) · executorch (6) · apache-superset (4)
- 75 CVE3 critCVSS 6.8PoC 13осон основа оnyx (75)
- 72 CVE1 critCVSS 6.4PoC 6ubuntu (72)
- 72 CVECVSS 6.1PoC 6platform v sberlinux os server (69) · субд «platform v pangolin db» (3)
- 54 CVECVSS 6.9PoC 54online medicine guide (12) · human resource integrated system (7) · simple grading system (6)
- 53 CVECVSS 7.2PoC 53apartment management system (28) · online tour and travel management system (20) · sports management system (3)
- 52 CVECVSS 6.1×3.7harmonyos (49) · emui (12) · enzoh-w5611t firmware (3)
- 51 CVE5 critCVSS 7.2PoC 1android (30) · chrome (16) · google chrome (16)
- 51 CVE9 critCVSS 7.1Nuclei 5PoC 12@anthropic-ai/claude-code (3) · next (3) · flowise (3)
- 50 CVECVSS 8.1NEWPoC 47re6300 firmware (43) · re6350 (43) · re6350 firmware (43)
- 48 CVE1 critCVSS 6.5PoC 48cisco firepower threat defense software (22) · cisco adaptive security appliance (asa) software (18) · firepower threat defense (17)
- 48 CVECVSS 4.0NEWPoC 45i-educar (36) · i-diario (12)
- 47 CVE4 critCVSS 7.7PoC 32ac6 firmware (12) · ac20 firmware (9) · ac20 (9)
- 46 CVE2 critCVSS 5.8Nuclei 1dxp (46) · digital experience platform (45) · portal (45)
- 43 CVE3 critCVSS 6.5×3.9triton inference server (17) · nvidia triton inference server (17) · gpu display drivers (12)
- 43 CVE1 critCVSS 6.8qsync central (14) · file station 5 (12) · file station (12)
- 39 CVE4 critCVSS 6.7Nuclei 3PoC 15magento/community-edition (6) · magento/project-community-edition (6) · unopim/unopim (5)
- 37 CVECVSS 8.0NEWPoC 34re6300 (31) · re7000 (31) · re6250 (31)
- 35 CVE1 critCVSS 6.2websphere application server (5) · concert (5) · concert software (5)
- 32 CVE3 critCVSS 7.9PoC 27tenda ac20 (9) · tenda ch22 (4) · tenda ac6 v2.0 (4)
- 31 CVECVSS 6.1PoC 7suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (27)
- 30 CVE7 critCVSS 8.0PoC 15dsl-7740c (9) · dsl-7740c firmware (9) · dir-619l firmware (4)
- 30 CVE1 critCVSS 6.9smartclient modules opcenter ql home (sc) (7) · soa audit (7) · soa cockpit (7)
- 29 CVECVSS 6.9NEWdmx958xr firmware (29)
- 29 CVECVSS 6.9NEWdmx958xr (29)
- 28 CVECVSS 7.3NEWPoC 28apartment management system (28)
- 28 CVE2 critCVSS 6.9Nuclei 1PoC 1data domain operating system (5) · powerprotect data domain feature release (5) · powerprotect data domain lts 2023 (5)
- 28 CVECVSS 7.1PoC 26covid 19 testing management system (7) · online bank management system (5) · advanced school management system (3)
- 24 CVECVSS 7.3NEWPoC 24online medicine guide (12) · wazifa system (4) · job diary (3)
- 24 CVE22 critCVSS 9.7PoC 9libbiosig (24)
- 24 CVECVSS 7.1wcd9380 firmware (21) · fastconnect 6900 firmware (21) · fastconnect 7800 firmware (20)
- 24 CVECVSS 7.3snapdragon (24)
- 24 CVE22 critCVSS 9.7PoC 9libbiosig (24)
- 23 CVECVSS 7.1Nuclei 1PoC 20online loan management system (7) · online water billing system (4) · online flight booking management system (3)
- 22 CVECVSS 6.4intel core ultra processor (series 1) (4) · intel core ultra processors (series 2) (4) · 4th gen intel xeon scalable processors (4)
- 22 CVECVSS 5.3confluence (13) · mattermost confluence plugin (13) · mattermost (9)
- 21 CVE3 critCVSS 7.1PoC 2apache superset (4) · superset (4) · apache zeppelin (3)
- 21 CVE6 critCVSS 7.8firefox (19) · thunderbird (7) · firefox esr (7)
- 20 CVE3 critCVSS 7.2PoC 2superset (4) · zeppelin (3) · tomcat (2)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 276 | 10 | · | 4 | Nuclei 4PoC 26 | linux (187) · debian gnu/linux (85) · gpac (21) | — | |
| 2 | ооо «ред софт» | 238 | 9 | · | · | PoC 24 | ред ос (238) · ред база данных (9) | — | |
| 3 | linux | 186 | · | · | · | PoC 7 | linux (186) · linux kernel (186) | — | |
| 4 | ооо «русбитех-астра» | 168 | 3 | · | · | PoC 19 | astra linux special edition (167) · astra linux common edition (30) | — | |
| 5 | microsoft | 124 | 8 | · | · | PoC 5 | windows server 2025 (server core installation) (68) · windows server 2025 (68) · windows server 2022, 23h2 edition (server core installation) (63) | — | |
| 6 | ао «ивк» | 103 | 3 | · | · | PoC 11 | альт сп 10 (84) · альт 8 сп (47) | — | |
| 7 | maven | 81 | 10 | · | 4 | Nuclei 4PoC 5 | com.liferay.portal:release.portal.bom (20) · org.pytorch:executorch-android (5) · com.liferay.portal:release.dxp.bom (5) | — | |
| 8 | adobe | 79 | 1 | 1 | · | KEV 1PoC 1 | adobe indesign (15) · indesign (14) · indesign desktop (14) | — | |
| 9 | redhat | 79 | 2 | · | · | PoC 10 | red hat enterprise linux (62) · red hat enterprise linux 9 (8) · red hat enterprise linux 8 (7) | — | |
| 10 | debian | 77 | 1 | · | · | ×6.4PoC 5 | debian linux (76) · devscripts (1) | — | |
| 11 | go | 75 | 6 | · | · | PoC 3 | github.com/mattermost/mattermost-plugin-confluence (13) · github.com/mattermost/mattermost/server/v8 (9) · github.com/mattermost/mattermost-server (9) | — | |
| 12 | pypi | 75 | 9 | · | · | PoC 9 | picklescan (29) · executorch (6) · apache-superset (4) | — | |
| 13 | ао "нппкт" | 75 | 3 | · | · | PoC 13 | осон основа оnyx (75) | — | |
| 14 | canonical | 72 | 1 | · | · | PoC 6 | ubuntu (72) | — | |
| 15 | ао «сбертех» | 72 | · | · | · | PoC 6 | platform v sberlinux os server (69) · субд «platform v pangolin db» (3) | — | |
| 16 | code-projects | 54 | · | · | · | PoC 54 | online medicine guide (12) · human resource integrated system (7) · simple grading system (6) | — | |
| 17 | itsourcecode | 53 | · | · | · | PoC 53 | apartment management system (28) · online tour and travel management system (20) · sports management system (3) | — | |
| 18 | huawei | 52 | · | · | · | ×3.7 | harmonyos (49) · emui (12) · enzoh-w5611t firmware (3) | — | |
| 19 | 51 | 5 | · | · | PoC 1 | android (30) · chrome (16) · google chrome (16) | — | ||
| 20 | npm | 51 | 9 | · | 5 | Nuclei 5PoC 12 | @anthropic-ai/claude-code (3) · next (3) · flowise (3) | — | |
| 21 | linksys | 50 | · | · | · | NEWPoC 47 | re6300 firmware (43) · re6350 (43) · re6350 firmware (43) | — | |
| 22 | cisco | 48 | 1 | · | · | PoC 48 | cisco firepower threat defense software (22) · cisco adaptive security appliance (asa) software (18) · firepower threat defense (17) | — | |
| 23 | portabilis | 48 | · | · | · | NEWPoC 45 | i-educar (36) · i-diario (12) | — | |
| 24 | tenda | 47 | 4 | · | · | PoC 32 | ac6 firmware (12) · ac20 firmware (9) · ac20 (9) | — | |
| 25 | liferay | 46 | 2 | · | 1 | Nuclei 1 | dxp (46) · digital experience platform (45) · portal (45) | — | |
| 26 | nvidia | 43 | 3 | · | · | ×3.9 | triton inference server (17) · nvidia triton inference server (17) · gpu display drivers (12) | — | |
| 27 | qnap | 43 | 1 | · | · | qsync central (14) · file station 5 (12) · file station (12) | — | ||
| 28 | packagist | 39 | 4 | · | 3 | Nuclei 3PoC 15 | magento/community-edition (6) · magento/project-community-edition (6) · unopim/unopim (5) | — | |
| 29 | linksys holdings, inc. | 37 | · | · | · | NEWPoC 34 | re6300 (31) · re7000 (31) · re6250 (31) | — | |
| 30 | ibm | 35 | 1 | · | · | websphere application server (5) · concert (5) · concert software (5) | — | ||
| 31 | shenzhen tenda technology co., ltd. | 32 | 3 | · | · | PoC 27 | tenda ac20 (9) · tenda ch22 (4) · tenda ac6 v2.0 (4) | — | |
| 32 | novell inc. | 31 | · | · | · | PoC 7 | suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (27) | — | |
| 33 | dlink | 30 | 7 | · | · | PoC 15 | dsl-7740c (9) · dsl-7740c firmware (9) · dir-619l firmware (4) | — | |
| 34 | siemens | 30 | 1 | · | · | smartclient modules opcenter ql home (sc) (7) · soa audit (7) · soa cockpit (7) | — | ||
| 35 | jvckenwood | 29 | · | · | · | NEW | dmx958xr firmware (29) | — | |
| 36 | kenwood | 29 | · | · | · | NEW | dmx958xr (29) | — | |
| 37 | admerc | 28 | · | · | · | NEWPoC 28 | apartment management system (28) | — | |
| 38 | dell | 28 | 2 | · | 1 | Nuclei 1PoC 1 | data domain operating system (5) · powerprotect data domain feature release (5) · powerprotect data domain lts 2023 (5) | — | |
| 39 | sourcecodester | 28 | · | · | · | PoC 26 | covid 19 testing management system (7) · online bank management system (5) · advanced school management system (3) | — | |
| 40 | anisha | 24 | · | · | · | NEWPoC 24 | online medicine guide (12) · wazifa system (4) · job diary (3) | — | |
| 41 | libbiosig project | 24 | 22 | · | · | PoC 9 | libbiosig (24) | — | |
| 42 | qualcomm | 24 | · | · | · | wcd9380 firmware (21) · fastconnect 6900 firmware (21) · fastconnect 7800 firmware (20) | — | ||
| 43 | qualcomm, inc. | 24 | · | · | · | snapdragon (24) | — | ||
| 44 | the biosig project | 24 | 22 | · | · | PoC 9 | libbiosig (24) | — | |
| 45 | campcodes | 23 | · | · | 1 | Nuclei 1PoC 20 | online loan management system (7) · online water billing system (4) · online flight booking management system (3) | — | |
| 46 | intel | 22 | · | · | · | intel core ultra processor (series 1) (4) · intel core ultra processors (series 2) (4) · 4th gen intel xeon scalable processors (4) | — | ||
| 47 | mattermost | 22 | · | · | · | confluence (13) · mattermost confluence plugin (13) · mattermost (9) | — | ||
| 48 | apache software foundation | 21 | 3 | · | · | PoC 2 | apache superset (4) · superset (4) · apache zeppelin (3) | — | |
| 49 | mozilla | 21 | 6 | · | · | firefox (19) · thunderbird (7) · firefox esr (7) | — | ||
| 50 | apache | 20 | 3 | · | · | PoC 2 | superset (4) · zeppelin (3) · tomcat (2) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- Web & CMS Plugins882 CVE77 crit1 KEV429 vendorsCVSS 7.4dxp (46) · digital experience platform (45) · portal (45)
- Enterprise Software617 CVE57 crit6 KEV144 vendorsCVSS 7.3apartment management system (28) · directory manager (6) · easy hosting control panel (6)
- Operating Systems584 CVE139 crit36 vendorsCVSS 7.5linux (373) · ред ос (238) · linux kernel (186)
- OSS Libraries496 CVE110 crit3 KEV107 vendorsCVSS 7.8libbiosig (48) · imagemagick (14) · gstreamer (10)
- Networking Infrastructure318 CVE104 crit10 KEV77 vendorsCVSS 7.8re6250 (74) · re6300 (74) · re6350 (74)
- Hardware Firmware240 CVE84 crit51 vendorsCVSS 8.5dmx958xr (29) · dmx958xr firmware (29) · qsync central (28)
- Consumer Software185 CVE32 crit5 KEV68 vendorsCVSS 7.8adobe indesign (15) · indesign (14) · indesign desktop (14)
- Mobile Apps129 CVE14 crit7 KEV12 vendorsCVSS 7.5harmonyos (49) · android (34) · chrome (16)
- ICS / OT / IoT126 CVE43 crit49 vendorsCVSS 7.6scada-lts (23) · advanced reporting and dashboards module (5) · ecostruxure power monitoring expert (5)
- Cloud & SaaS113 CVE27 crit4 KEV61 vendorsCVSS 8.4covid19 testing management system (7) · n8n (4) · cursor (2)
- Security Products107 CVE16 crit3 KEV46 vendorsCVSS 8.3openbao (7) · unified pam (4) · wl20 biometric attendance system (4)
- DevTools & CI68 CVE3 crit25 vendorsCVSS 7.6netwide assember (5) · netwide assembler (5) · tcpreplay (5)
- Communications53 CVE11 crit9 KEV33 vendorsCVSS 7.8confluence (13) · mattermost confluence plugin (13) · mattermost confluence (11)
- AI / ML44 CVE22 crit28 vendorsCVSS 9.2cursor (6) · agent-zero (2) · flowise (2)
- Databases31 CVE8 crit13 vendorsCVSS 7.7postgres pro certified (3) · postgres pro enterprise (3) · postgresql (3)
- Unclassified326 CVE48 crit189 vendorsCVSS 7.1online medicine guide (12) · ss1 (8) · alpine ilx-507 (7)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins▸ 6 | 882 | 77 | 1 | 429 | 613 | 7.4 | dxp (46) · digital experience platform (45) · portal (45) |
| Enterprise Software▸ 7 | 617 | 57 | 6 | 144 | 585 | 7.3 | apartment management system (28) · directory manager (6) · easy hosting control panel (6) |
| Operating Systems▸ 5 | 584 | 139 | · | 36 | 358 | 7.5 | linux (373) · ред ос (238) · linux kernel (186) |
| OSS Libraries▸ 10 | 496 | 110 | 3 | 107 | 343 | 7.8 | libbiosig (48) · imagemagick (14) · gstreamer (10) |
| Networking Infrastructure▸ 5 | 318 | 104 | 10 | 77 | 307 | 7.8 | re6250 (74) · re6300 (74) · re6350 (74) |
| Hardware Firmware▸ 5 | 240 | 84 | · | 51 | 1,611 | 8.5 | dmx958xr (29) · dmx958xr firmware (29) · qsync central (28) |
| Consumer Software▸ 5 | 185 | 32 | 5 | 68 | 138 | 7.8 | adobe indesign (15) · indesign (14) · indesign desktop (14) |
| Mobile Apps▸ 3 | 129 | 14 | 7 | 12 | 40 | 7.5 | harmonyos (49) · android (34) · chrome (16) |
| ICS / OT / IoT▸ 6 | 126 | 43 | · | 49 | 320 | 7.6 | scada-lts (23) · advanced reporting and dashboards module (5) · ecostruxure power monitoring expert (5) |
| Cloud & SaaS▸ 5 | 113 | 27 | 4 | 61 | 73 | 8.4 | covid19 testing management system (7) · n8n (4) · cursor (2) |
| Security Products▸ 6 | 107 | 16 | 3 | 46 | 149 | 8.3 | openbao (7) · unified pam (4) · wl20 biometric attendance system (4) |
| DevTools & CI▸ 5 | 68 | 3 | · | 25 | 31 | 7.6 | netwide assember (5) · netwide assembler (5) · tcpreplay (5) |
| Communications▸ 4 | 53 | 11 | 9 | 33 | 41 | 7.8 | confluence (13) · mattermost confluence plugin (13) · mattermost confluence (11) |
| AI / ML▸ 4 | 44 | 22 | · | 28 | 30 | 9.2 | cursor (6) · agent-zero (2) · flowise (2) |
| Databases▸ 4 | 31 | 8 | · | 13 | 30 | 7.7 | postgres pro certified (3) · postgres pro enterprise (3) · postgresql (3) |
| Unclassified | 326 | 48 | · | 189 | 227 | 7.1 | online medicine guide (12) · ss1 (8) · alpine ilx-507 (7) |
Which weaknesses hit which solution categories in August 2025
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.