The second most impacted class had been network-edge units with 77 KEVs. This class contains community security home equipment, routers, firewalls, and VPN gateways, which have been a rising goal over the previous couple of years, particularly for nation-state cyberespionage teams.
Server software program (61 KEVs), open-source software program (55), and working methods (38) full the highest 5 most focused classes, with {hardware} units — together with digital camera methods, DVRs, NVRs, IP telephones, and different embedded units — coming in sixth. VulnCheck notes that most of the flaws within the {hardware} gadget class got here from assault information collected by Shadowserver, highlighting that exposing such units on to the web isn’t a good suggestion.
By way of distributors, Microsoft was probably the most focused, with 32 KEVs, 26 of which had been for Home windows, adopted by Cisco (10), and Apple, Totolink, and VMware, every with six KEVs. It’s price noting although that not all new KEVs are new vulnerabilities. Whereas 1 in 3 had been zero-days or 1-days, many are older vulnerabilities that simply began to be exploited in 2025, placing them on the brand new KEV listing.
