month report

April 2025

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2025 closed with 4,282 published CVEs — +13.6% YoY . 330 criticals, 15 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: ао «сбертех» at ×11.1 their 12-month median. Top weakness class — CWE-79 (796 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

4,282

— MoM+13.6% YoY

Severity mix

330 / 1,564

critical / high

KEV added

4 ransomware-linked

Nuclei coverage

32.2%

1,379 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

330.5

n=1,379

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=16

Detection gap

KEV pressure, no Nuclei coverage

April 2025 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2apple26 CVE
KEV 1microsoft corp140 CVE
KEV 1microsoft134 CVE

Weakness × Vendor

What's spreading where in April 2025

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

11.1×ао «сбертех»122 CVE
9.0×code-projects63 CVE
4.7×hcltech28 CVE
4.6×phpgurukul83 CVE
4.4×siemens ag80 CVE
3.5×hcl software30 CVE
3.5×siemens81 CVE
3.4×мартин догиамас17 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#34growatt30 CVE
#45pcman24 CVE
#50codeprojects20 CVE
#56larry gritz19 CVE
#57drupal18 CVE
#58gnome foundation18 CVE
#62мартин догиамас17 CVE
#65bosch rexroth ag15 CVE
#72senior-walter14 CVE
#74the wikimedia foundation14 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
390 CVE16 critCVSS 6.1
KEV 2Nuclei 5PoC 27
linux (268) · debian gnu/linux (142) · xwiki platform (10)
2ооо «русбитех-астра»—
283 CVE4 critCVSS 6.0
KEV 1Nuclei 1PoC 10
astra linux special edition (282) · astra linux common edition (48) · пк "ald pro" (1)
3linux—
280 CVECVSS 5.9
PoC 1
linux (280) · linux kernel (280)
4ооо «ред софт»—
239 CVE7 critCVSS 6.1
KEV 1Nuclei 2PoC 16
ред ос (239)
5ао "нппкт"—
222 CVE5 critCVSS 6.2
KEV 1Nuclei 1PoC 11
осон основа оnyx (222)
6microsoft corp—
140 CVECVSS 7.5
KEV 1PoC 2
windows server 2025 (83) · windows server 2025 (server core installation) (82) · windows server 2022 (server core installation) (76)
7microsoft—
134 CVE2 critCVSS 7.5
KEV 1PoC 2
windows server 2025 (server core installation) (82) · windows server 2025 (82) · windows server 2022 (76)
8ао «сбертех»—
122 CVE2 critCVSS 6.0
×11.1PoC 4
platform v sberlinux os server (122)
9red hat inc.—
117 CVE2 critCVSS 5.9
PoC 11
red hat enterprise linux (115) · red hat openshift container platform (3) · red hat build of openjdk (3)
10ао «ивк»—
104 CVE3 critCVSS 6.0
PoC 3
альт сп 10 (94) · альт 8 сп (22)
11canonical ltd.—
93 CVECVSS 6.0
PoC 5
ubuntu (92) · ubuntu's gnome-control-center (1)
12phpgurukul—
83 CVE5 critCVSS 7.1
×4.6PoC 72
men salon management system (14) · covid19 testing management system (10) · e-diary management system (8)
13siemens—
81 CVE8 critCVSS 8.7
×3.5
telecontrol server basic (68) · sentron 7kt pac1260 data manager (9) · 7kt pac1260 data manager firmware (9)
14siemens ag—
80 CVE8 critCVSS 8.7
×4.4
telecontrol server basic (67) · sentron 7kt pac1260 (9) · siemens license server (sls) (2)
15oracle—
73 CVE1 critCVSS 5.8
PoC 1
mysql server (27) · mysql cluster (6) · graalvm for jdk (3)
16oracle corporation—
73 CVE1 critCVSS 5.8
PoC 1
mysql server (27) · mysql cluster (6) · oracle database server (5)
17code-projects—
63 CVECVSS 6.1
×9.0PoC 63
patient record management system (13) · online restaurant management system (13) · blood bank management system (5)
18packagist—
59 CVE8 critCVSS 6.2
KEV 2Nuclei 7PoC 10
moodle/moodle (16) · yeswiki/yeswiki (8) · shopware/platform (5)
19go—
56 CVE7 critCVSS 6.3
Nuclei 1PoC 2
github.com/mattermost/mattermost/server/v8 (13) · github.com/rancher/rancher (9) · github.com/osrg/gobgp/v3 (4)
20maven—
56 CVE10 critCVSS 6.7
Nuclei 5PoC 10
org.keycloak:keycloak-services (4) · org.opencms:opencms-core (3) · org.apereo.cas:cas-management-webapp-support (2)
21adobe—
52 CVE4 critCVSS 6.6
coldfusion (15) · framemaker (10) · adobe framemaker (10)
22novell inc.—
52 CVE2 critCVSS 6.4
PoC 9
suse linux enterprise server (46) · suse linux enterprise server for sap applications (45) · opensuse leap (44)
23adobe systems inc.—
51 CVE4 critCVSS 6.4
coldfusion (15) · adobe framemaker (10) · adobe after effects (6)
24oracle corp.—
50 CVE1 critCVSS 6.2
PoC 1
mysql server (16) · database server (5) · e-business suite (4)
25npm—
47 CVE2 critCVSS 6.3
Nuclei 2PoC 4
tarteaucitronjs (3) · react-router (2) · mathlive (2)
26totolink—
47 CVE11 critCVSS 7.6
PoC 33
a810r firmware (12) · a810r (12) · a3100r (11)
27ibm—
36 CVE1 critCVSS 5.6
aspera console (6) · txseries for multiplatforms (4) · infosphere information server (3)
28pypi—
36 CVE11 critCVSS 7.4
KEV 1Nuclei 1PoC 5
vllm (5) · picklescan (4) · bentoml (2)
29sourcecodester—
35 CVECVSS 5.5
PoC 34
web-based pharmacy product management system (15) · online eyewear shop (5) · apartment visitor management system (5)
30qualcomm—
34 CVECVSS 7.2
fastconnect 6900 firmware (28) · wcd9380 firmware (28) · fastconnect 7800 firmware (26)
31qualcomm, inc.—
34 CVECVSS 7.4
snapdragon (34)
32red hat—
34 CVE1 critCVSS 6.6
PoC 2
red hat enterprise linux 9 (28) · red hat enterprise linux 8 (28) · red hat enterprise linux 6 (27)
33unknown—
32 CVE1 critCVSS 5.5
Nuclei 31PoC 32
ultimate dashboard (3) · wp multitasking (2) · user registration & membership (2)
34growatt—
30 CVE2 critCVSS 5.9
NEW
cloud portal (30)
35hcl software—
30 CVECVSS 5.0
×3.5
hcl leap (10) · hcl domino leap (6) · hcl domino volt (3)
36hcltech—
28 CVECVSS 5.0
×4.7
hcl leap (10) · domino leap (9) · bigfix platform (3)
37oretnom23—
28 CVE5 critCVSS 6.7
PoC 24
online id generator system (7) · online eyewear shop (5) · apartment visitor management system (5)
38apple—
26 CVE2 critCVSS 6.8
KEV 2PoC 4
macos (22) · iphone os (20) · ios and ipados (20)
39dell—
26 CVE1 critCVSS 6.7
powerscale onefs (6) · wyse management suite (5) · powerprotect data manager (3)
40google—
26 CVECVSS 7.2
PoC 3
chrome (13) · chromeos (7) · android (7)
41mozilla—
26 CVE1 critCVSS 6.8
thunderbird (23) · firefox (22) · firefox focus (1)
42google inc—
25 CVECVSS 7.0
PoC 3
google chrome (11) · android (7) · chrome os (6)
43crates.io—
24 CVE1 critCVSS 6.9
surrealdb (8) · apollo-router (4) · gix-index (1)
44mozilla corp.—
24 CVE1 critCVSS 6.9
thunderbird (23) · firefox (18) · firefox esr (10)
45pcman—
24 CVECVSS 7.3
NEWPoC 23
ftp server (24)
46tenda—
24 CVE5 critCVSS 8.0
PoC 17
ac10 firmware (7) · w12 firmware (5) · w12 (5)
47juniper—
21 CVECVSS 6.6
PoC 21
junos (21) · junos os evolved (9)
48juniper networks—
21 CVECVSS 6.6
PoC 21
junos os (21) · junos os evolved (9)
49juniper networks inc.—
21 CVECVSS 6.6
PoC 21
junos (21) · junos os evolved (9)
50codeprojects—
20 CVECVSS 7.0
NEWPoC 20
online restaurant management system (16) · news publishing site dashboard (2) · patient record management system (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	390	16	2	5	KEV 2Nuclei 5PoC 27	linux (268) · debian gnu/linux (142) · xwiki platform (10)	—
2	ооо «русбитех-астра»	283	4	1	1	KEV 1Nuclei 1PoC 10	astra linux special edition (282) · astra linux common edition (48) · пк "ald pro" (1)	—
3	linux	280	·	·	·	PoC 1	linux (280) · linux kernel (280)	—
4	ооо «ред софт»	239	7	1	2	KEV 1Nuclei 2PoC 16	ред ос (239)	—
5	ао "нппкт"	222	5	1	1	KEV 1Nuclei 1PoC 11	осон основа оnyx (222)	—
6	microsoft corp	140	·	1	·	KEV 1PoC 2	windows server 2025 (83) · windows server 2025 (server core installation) (82) · windows server 2022 (server core installation) (76)	—
7	microsoft	134	2	1	·	KEV 1PoC 2	windows server 2025 (server core installation) (82) · windows server 2025 (82) · windows server 2022 (76)	—
8	ао «сбертех»	122	2	·	·	×11.1PoC 4	platform v sberlinux os server (122)	—
9	red hat inc.	117	2	·	·	PoC 11	red hat enterprise linux (115) · red hat openshift container platform (3) · red hat build of openjdk (3)	—
10	ао «ивк»	104	3	·	·	PoC 3	альт сп 10 (94) · альт 8 сп (22)	—
11	canonical ltd.	93	·	·	·	PoC 5	ubuntu (92) · ubuntu's gnome-control-center (1)	—
12	phpgurukul	83	5	·	·	×4.6PoC 72	men salon management system (14) · covid19 testing management system (10) · e-diary management system (8)	—
13	siemens	81	8	·	·	×3.5	telecontrol server basic (68) · sentron 7kt pac1260 data manager (9) · 7kt pac1260 data manager firmware (9)	—
14	siemens ag	80	8	·	·	×4.4	telecontrol server basic (67) · sentron 7kt pac1260 (9) · siemens license server (sls) (2)	—
15	oracle	73	1	·	·	PoC 1	mysql server (27) · mysql cluster (6) · graalvm for jdk (3)	—
16	oracle corporation	73	1	·	·	PoC 1	mysql server (27) · mysql cluster (6) · oracle database server (5)	—
17	code-projects	63	·	·	·	×9.0PoC 63	patient record management system (13) · online restaurant management system (13) · blood bank management system (5)	—
18	packagist	59	8	2	7	KEV 2Nuclei 7PoC 10	moodle/moodle (16) · yeswiki/yeswiki (8) · shopware/platform (5)	—
19	go	56	7	·	1	Nuclei 1PoC 2	github.com/mattermost/mattermost/server/v8 (13) · github.com/rancher/rancher (9) · github.com/osrg/gobgp/v3 (4)	—
20	maven	56	10	·	5	Nuclei 5PoC 10	org.keycloak:keycloak-services (4) · org.opencms:opencms-core (3) · org.apereo.cas:cas-management-webapp-support (2)	—
21	adobe	52	4	·	·		coldfusion (15) · framemaker (10) · adobe framemaker (10)	—
22	novell inc.	52	2	·	·	PoC 9	suse linux enterprise server (46) · suse linux enterprise server for sap applications (45) · opensuse leap (44)	—
23	adobe systems inc.	51	4	·	·		coldfusion (15) · adobe framemaker (10) · adobe after effects (6)	—
24	oracle corp.	50	1	·	·	PoC 1	mysql server (16) · database server (5) · e-business suite (4)	—
25	npm	47	2	·	2	Nuclei 2PoC 4	tarteaucitronjs (3) · react-router (2) · mathlive (2)	—
26	totolink	47	11	·	·	PoC 33	a810r firmware (12) · a810r (12) · a3100r (11)	—
27	ibm	36	1	·	·		aspera console (6) · txseries for multiplatforms (4) · infosphere information server (3)	—
28	pypi	36	11	1	1	KEV 1Nuclei 1PoC 5	vllm (5) · picklescan (4) · bentoml (2)	—
29	sourcecodester	35	·	·	·	PoC 34	web-based pharmacy product management system (15) · online eyewear shop (5) · apartment visitor management system (5)	—
30	qualcomm	34	·	·	·		fastconnect 6900 firmware (28) · wcd9380 firmware (28) · fastconnect 7800 firmware (26)	—
31	qualcomm, inc.	34	·	·	·		snapdragon (34)	—
32	red hat	34	1	·	·	PoC 2	red hat enterprise linux 9 (28) · red hat enterprise linux 8 (28) · red hat enterprise linux 6 (27)	—
33	unknown	32	1	·	31	Nuclei 31PoC 32	ultimate dashboard (3) · wp multitasking (2) · user registration & membership (2)	—
34	growatt	30	2	·	·	NEW	cloud portal (30)	—
35	hcl software	30	·	·	·	×3.5	hcl leap (10) · hcl domino leap (6) · hcl domino volt (3)	—
36	hcltech	28	·	·	·	×4.7	hcl leap (10) · domino leap (9) · bigfix platform (3)	—
37	oretnom23	28	5	·	·	PoC 24	online id generator system (7) · online eyewear shop (5) · apartment visitor management system (5)	—
38	apple	26	2	2	·	KEV 2PoC 4	macos (22) · iphone os (20) · ios and ipados (20)	—
39	dell	26	1	·	·		powerscale onefs (6) · wyse management suite (5) · powerprotect data manager (3)	—
40	google	26	·	·	·	PoC 3	chrome (13) · chromeos (7) · android (7)	—
41	mozilla	26	1	·	·		thunderbird (23) · firefox (22) · firefox focus (1)	—
42	google inc	25	·	·	·	PoC 3	google chrome (11) · android (7) · chrome os (6)	—
43	crates.io	24	1	·	·		surrealdb (8) · apollo-router (4) · gix-index (1)	—
44	mozilla corp.	24	1	·	·		thunderbird (23) · firefox (18) · firefox esr (10)	—
45	pcman	24	·	·	·	NEWPoC 23	ftp server (24)	—
46	tenda	24	5	·	·	PoC 17	ac10 firmware (7) · w12 firmware (5) · w12 (5)	—
47	juniper	21	·	·	·	PoC 21	junos (21) · junos os evolved (9)	—
48	juniper networks	21	·	·	·	PoC 21	junos os (21) · junos os evolved (9)	—
49	juniper networks inc.	21	·	·	·	PoC 21	junos (21) · junos os evolved (9)	—
50	codeprojects	20	·	·	·	NEWPoC 20	online restaurant management system (16) · news publishing site dashboard (2) · patient record management system (1)	—