month report

July 2025

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

July 2025 closed with 4,086 published CVEs — +25.8% YoY . 368 criticals, 20 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: debian at ×40.2 their 12-month median. Top weakness class — CWE-79 (483 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

4,086

— MoM+25.8% YoY

Severity mix

368 / 1,455

critical / high

KEV added

4 ransomware-linked

Nuclei coverage

11.4%

467 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

233.4

n=467

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=14

Detection gap

KEV pressure, no Nuclei coverage

July 2025 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3ооо «русбитех-астра»372 CVE
KEV 3ао "нппкт"236 CVE
KEV 3debian201 CVE
KEV 3apple84 CVE
KEV 2ао «сбертех»228 CVE
KEV 2ао «ивк»178 CVE
KEV 1linux401 CVE

Weakness × Vendor

What's spreading where in July 2025

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

40.2×debian201 CVE
18.2×irfanview91 CVE
14.7×code-projects154 CVE
10.8×campcodes65 CVE
4.5×fabian36 CVE
4.2×hp inc.21 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#14cadsofttools91 CVE
#15irfanview91 CVE
#32irfan skiljan42 CVE
#34anisha37 CVE
#42labredescefetrj31 CVE
#43wegia31 CVE
#45wikimedia foundation30 CVE
#55samsung electronics25 CVE
#58carmelo24 CVE
#66huawei technologies co., ltd.20 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
536 CVE18 critCVSS 6.3
KEV 1Nuclei 2PoC 26
linux (406) · debian gnu/linux (140) · gpac (22)
2linux—
401 CVECVSS 6.1
KEV 1PoC 1
linux (401) · linux kernel (401)
3ооо «ред софт»—
395 CVE6 critCVSS 6.3
KEV 3Nuclei 2PoC 15
ред ос (395)
4ооо «русбитех-астра»—
372 CVE8 critCVSS 6.5
KEV 3PoC 11
astra linux special edition (372) · astra linux common edition (47)
5red hat inc.—
282 CVE2 critCVSS 6.2
PoC 7
red hat enterprise linux (275) · red hat openshift container platform (7) · red hat jboss core services (6)
6ао "нппкт"—
236 CVE6 critCVSS 6.4
KEV 3PoC 7
осон основа оnyx (236)
7ао «сбертех»—
228 CVE3 critCVSS 6.2
KEV 2PoC 5
platform v sberlinux os server (228)
8debian—
201 CVECVSS 6.2
×40.2KEV 3PoC 1
debian linux (200) · dpkg (1)
9ао «ивк»—
178 CVE8 critCVSS 6.5
KEV 2PoC 7
альт 8 сп (131) · альт сп 10 (53)
10code-projects—
154 CVECVSS 7.0
×14.7PoC 154
exam form submission (20) · online appointment booking system (14) · church donation system (14)
11microsoft corp—
145 CVE3 critCVSS 7.6
KEV 4Nuclei 3PoC 4
windows server 2025 (server core installation) (97) · windows server 2025 (97) · windows server 2022, 23h2 edition (server core installation) (94)
12microsoft—
141 CVE5 critCVSS 7.6
KEV 3Nuclei 3PoC 3
windows server 2025 (97) · windows server 2025 (server core installation) (97) · windows server 2022 23h2 (94)
13canonical ltd.—
113 CVE2 critCVSS 6.3
PoC 5
ubuntu (112) · maas (1)
14cadsofttools—
91 CVECVSS 7.8
NEW
cadimage (91)
15irfanview—
91 CVECVSS 7.8
NEW×18.2
irfanview (91)
16phpgurukul—
86 CVECVSS 5.8
Nuclei 1PoC 84
vehicle parking management system (13) · apartment visitors management system (9) · online fire reporting system (9)
17oracle corp.—
85 CVE1 critCVSS 6.0
mysql server (20) · mysql (9) · e-business suite (9)
18apple—
84 CVE25 critCVSS 7.2
KEV 3
macos (78) · ipados (29) · ios and ipados (25)
19oracle—
77 CVE1 critCVSS 5.9
mysql (28) · jdk (7) · vm virtualbox (7)
20oracle corporation—
77 CVE1 critCVSS 5.7
mysql server (29) · oracle vm virtualbox (7) · oracle java se (7)
21adobe systems inc.—
73 CVE3 critCVSS 6.8
Nuclei 1
adobe framemaker (15) · coldfusion (13) · illustrator 2025 (10)
22adobe—
71 CVE3 critCVSS 6.8
Nuclei 1
framemaker (15) · adobe framemaker (15) · coldfusion (13)
23maven—
69 CVE6 critCVSS 6.7
Nuclei 1PoC 1
org.glassfish.main.admingui:console-common (5) · org.keycloak:keycloak-services (4) · org.jenkins-ci.plugins:applitools-eyes (3)
24novell inc.—
68 CVE2 critCVSS 6.3
PoC 8
opensuse leap (61) · suse linux enterprise server (60) · suse linux enterprise server for sap applications (59)
25campcodes—
65 CVECVSS 6.9
×10.8PoC 63
employee management system (10) · payroll management system (9) · courier management system (8)
26tenda—
63 CVECVSS 8.5
PoC 54
fh451 firmware (15) · fh451 (15) · o3v2 (10)
27npm—
59 CVE4 critCVSS 6.9
KEV 1Nuclei 2PoC 7
@haxtheweb/haxcms-nodejs (6) · directus (4) · @finos/git-proxy (4)
28shenzhen tenda technology co., ltd.—
57 CVECVSS 8.5
PoC 49
tenda fh451 (14) · tenda o3 (10) · tenda fh1201 (8)
29ibm—
54 CVECVSS 6.1
db2 (8) · openpages with watson (6) · smartcloud analytics log analysis (4)
30pypi—
51 CVE5 critCVSS 7.0
Nuclei 1PoC 18
transformers (5) · pyload-ng (5) · openexr (3)
31apple inc.—
44 CVE14 critCVSS 7.1
macos (39) · ipados (21) · ios (17)
32irfan skiljan—
42 CVECVSS 7.7
NEW
irfanview (42)
33samsung—
41 CVE12 critCVSS 7.9
magicinfo 9 server (18) · android (12) · data management server firmware (6)
34anisha—
37 CVECVSS 7.3
NEWPoC 37
online appointment booking system (14) · job diary (5) · jonnys liquor (3)
35crates.io—
36 CVECVSS 4.1
sequoia-openpgp (4) · cosmwasm-std (2) · curve25519-dalek (2)
36fabian—
36 CVECVSS 6.5
×4.5PoC 36
voting system (7) · online ordering system (7) · chat system (5)
37go—
34 CVE7 critCVSS 7.3
Nuclei 2PoC 4
github.com/mattermost/mattermost/server/v8 (3) · github.com/lf-edge/ekuiper/v2 (3) · github.com/mattermost/mattermost-server (3)
38totolink—
33 CVE3 critCVSS 8.1
PoC 30
t6 firmware (13) · t6 (13) · a702r firmware (6)
39jenkins—
32 CVECVSS 6.0
applitools eyes (3) · xooa (2) · apica loadtest (2)
40ibm corp.—
31 CVECVSS 5.9
ibm db2 connect server (8) · ibm db2 (8) · ibm openpages (5)
41jenkins project—
31 CVECVSS 5.9
jenkins applitools eyes plugin (3) · jenkins qmetry test management plugin (2) · jenkins readyapi functional testing plugin (2)
42labredescefetrj—
31 CVE3 critCVSS 7.1
NEWPoC 15
wegia (31)
43wegia—
31 CVE3 critCVSS 7.1
NEWPoC 15
wegia (31)
44cd foundation—
30 CVECVSS 5.9
applitools eyes (3) · sensedia api platform tools (2) · statistics gatherer (2)
45wikimedia foundation—
30 CVE3 critCVSS 6.4
NEWPoC 1
mediawiki - checkuser extension (3) · mediawiki - securepoll extension (3) · mediawiki - abusefilter extension (3)
46sap—
29 CVE5 critCVSS 6.1
sapcar (4) · sap netweaver (4) · sap business warehouse (4)
47sap_se—
28 CVE5 critCVSS 6.1
sapcar (4) · sap netweaver application server for abap (2) · sap businessobjects content administrator workbench (1)
48d-link corp.—
27 CVE2 critCVSS 7.3
PoC 23
dir-513 (7) · di-8100 (6) · di-8200 (3)
49red hat—
27 CVECVSS 6.5
red hat enterprise linux 9 (19) · red hat enterprise linux 8 (19) · red hat enterprise linux 10 (18)
50dlink—
26 CVE3 critCVSS 7.4
PoC 22
dir-513 firmware (6) · di-8100 firmware (6) · di-8200 firmware (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	536	18	1	2	KEV 1Nuclei 2PoC 26	linux (406) · debian gnu/linux (140) · gpac (22)	—
2	linux	401	·	1	·	KEV 1PoC 1	linux (401) · linux kernel (401)	—
3	ооо «ред софт»	395	6	3	2	KEV 3Nuclei 2PoC 15	ред ос (395)	—
4	ооо «русбитех-астра»	372	8	3	·	KEV 3PoC 11	astra linux special edition (372) · astra linux common edition (47)	—
5	red hat inc.	282	2	·	·	PoC 7	red hat enterprise linux (275) · red hat openshift container platform (7) · red hat jboss core services (6)	—
6	ао "нппкт"	236	6	3	·	KEV 3PoC 7	осон основа оnyx (236)	—
7	ао «сбертех»	228	3	2	·	KEV 2PoC 5	platform v sberlinux os server (228)	—
8	debian	201	·	3	·	×40.2KEV 3PoC 1	debian linux (200) · dpkg (1)	—
9	ао «ивк»	178	8	2	·	KEV 2PoC 7	альт 8 сп (131) · альт сп 10 (53)	—
10	code-projects	154	·	·	·	×14.7PoC 154	exam form submission (20) · online appointment booking system (14) · church donation system (14)	—
11	microsoft corp	145	3	4	3	KEV 4Nuclei 3PoC 4	windows server 2025 (server core installation) (97) · windows server 2025 (97) · windows server 2022, 23h2 edition (server core installation) (94)	—
12	microsoft	141	5	3	3	KEV 3Nuclei 3PoC 3	windows server 2025 (97) · windows server 2025 (server core installation) (97) · windows server 2022 23h2 (94)	—
13	canonical ltd.	113	2	·	·	PoC 5	ubuntu (112) · maas (1)	—
14	cadsofttools	91	·	·	·	NEW	cadimage (91)	—
15	irfanview	91	·	·	·	NEW×18.2	irfanview (91)	—
16	phpgurukul	86	·	·	1	Nuclei 1PoC 84	vehicle parking management system (13) · apartment visitors management system (9) · online fire reporting system (9)	—
17	oracle corp.	85	1	·	·		mysql server (20) · mysql (9) · e-business suite (9)	—
18	apple	84	25	3	·	KEV 3	macos (78) · ipados (29) · ios and ipados (25)	—
19	oracle	77	1	·	·		mysql (28) · jdk (7) · vm virtualbox (7)	—
20	oracle corporation	77	1	·	·		mysql server (29) · oracle vm virtualbox (7) · oracle java se (7)	—
21	adobe systems inc.	73	3	·	1	Nuclei 1	adobe framemaker (15) · coldfusion (13) · illustrator 2025 (10)	—
22	adobe	71	3	·	1	Nuclei 1	framemaker (15) · adobe framemaker (15) · coldfusion (13)	—
23	maven	69	6	·	1	Nuclei 1PoC 1	org.glassfish.main.admingui:console-common (5) · org.keycloak:keycloak-services (4) · org.jenkins-ci.plugins:applitools-eyes (3)	—
24	novell inc.	68	2	·	·	PoC 8	opensuse leap (61) · suse linux enterprise server (60) · suse linux enterprise server for sap applications (59)	—
25	campcodes	65	·	·	·	×10.8PoC 63	employee management system (10) · payroll management system (9) · courier management system (8)	—
26	tenda	63	·	·	·	PoC 54	fh451 firmware (15) · fh451 (15) · o3v2 (10)	—
27	npm	59	4	1	2	KEV 1Nuclei 2PoC 7	@haxtheweb/haxcms-nodejs (6) · directus (4) · @finos/git-proxy (4)	—
28	shenzhen tenda technology co., ltd.	57	·	·	·	PoC 49	tenda fh451 (14) · tenda o3 (10) · tenda fh1201 (8)	—
29	ibm	54	·	·	·		db2 (8) · openpages with watson (6) · smartcloud analytics log analysis (4)	—
30	pypi	51	5	·	1	Nuclei 1PoC 18	transformers (5) · pyload-ng (5) · openexr (3)	—
31	apple inc.	44	14	·	·		macos (39) · ipados (21) · ios (17)	—
32	irfan skiljan	42	·	·	·	NEW	irfanview (42)	—
33	samsung	41	12	·	·		magicinfo 9 server (18) · android (12) · data management server firmware (6)	—
34	anisha	37	·	·	·	NEWPoC 37	online appointment booking system (14) · job diary (5) · jonnys liquor (3)	—
35	crates.io	36	·	·	·		sequoia-openpgp (4) · cosmwasm-std (2) · curve25519-dalek (2)	—
36	fabian	36	·	·	·	×4.5PoC 36	voting system (7) · online ordering system (7) · chat system (5)	—
37	go	34	7	·	2	Nuclei 2PoC 4	github.com/mattermost/mattermost/server/v8 (3) · github.com/lf-edge/ekuiper/v2 (3) · github.com/mattermost/mattermost-server (3)	—
38	totolink	33	3	·	·	PoC 30	t6 firmware (13) · t6 (13) · a702r firmware (6)	—
39	jenkins	32	·	·	·		applitools eyes (3) · xooa (2) · apica loadtest (2)	—
40	ibm corp.	31	·	·	·		ibm db2 connect server (8) · ibm db2 (8) · ibm openpages (5)	—
41	jenkins project	31	·	·	·		jenkins applitools eyes plugin (3) · jenkins qmetry test management plugin (2) · jenkins readyapi functional testing plugin (2)	—
42	labredescefetrj	31	3	·	·	NEWPoC 15	wegia (31)	—
43	wegia	31	3	·	·	NEWPoC 15	wegia (31)	—
44	cd foundation	30	·	·	·		applitools eyes (3) · sensedia api platform tools (2) · statistics gatherer (2)	—
45	wikimedia foundation	30	3	·	·	NEWPoC 1	mediawiki - checkuser extension (3) · mediawiki - securepoll extension (3) · mediawiki - abusefilter extension (3)	—
46	sap	29	5	·	·		sapcar (4) · sap netweaver (4) · sap business warehouse (4)	—
47	sap_se	28	5	·	·		sapcar (4) · sap netweaver application server for abap (2) · sap businessobjects content administrator workbench (1)	—
48	d-link corp.	27	2	·	·	PoC 23	dir-513 (7) · di-8100 (6) · di-8200 (3)	—
49	red hat	27	·	·	·		red hat enterprise linux 9 (19) · red hat enterprise linux 8 (19) · red hat enterprise linux 10 (18)	—
50	dlink	26	3	·	·	PoC 22	dir-513 firmware (6) · di-8100 firmware (6) · di-8200 firmware (3)	—