Vulnerability Report - April 2025
Introduction
This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
It highlights the most frequently mentioned vulnerability for April 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, and more. For further details, please visit this page.
The final section focuses on exploitations observed through The Shadowserver Foundation’s honeypot network.
Top 10 vulnerabilities of the month
| Vulnerability | Vendor | Product | Count | Severity |
|---|---|---|---|---|
| CVE-2025-22457 | Ivanti | Connect Secure | 188 | 9 |
| CVE-2025-32433 | erlang | otp | 119 | 10 |
| CVE-2025-31324 | SAP | SAP NetWeaver | 101 | 10 |
| CVE-2025-31161 | CrushFTP | CrushFTP | 108 | 9.8 |
| CVE-2025-29824 | Microsoft | Windows 10 Version 1809 | 85 | 7.8 |
| CVE-2025-24054 | Microsoft | Windows 10 Version 1809 | 79 | 6.5 |
| CVE-2025-30406 | Gladinet | CentreStack | 64 | 9 |
| CVE-2025-24200 | Apple | iPadOS | 61 | 6.1 |
| CVE-2017-18368 | ZyXEL | p660hn-t1a_v1, p660hn-t1a_v2, 5200w-t | 60 | 9.8 |
| CVE-2015-2051 | dlink | dir-645 | 60 | 8.8 |
A scanner is available for CVE-2025-31324 (SAP):
- https://gist.github.com/avishaifrad/f4e23a97156b1905a7ec8b962a9f2bc8
- https://github.com/Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools
You can create a notification for this SAP product to get alerts about new activity.
CVE-2017-18368 and CVE-2015-2051 are continuously exploited, with a recent increase in activity.
Evolution per week
Week 14
Ranking
Week 15
Ranking
| Vulnerability | Vendor | Product | Count | Severity |
|---|---|---|---|---|
| CVE-2025-29824 | Microsoft | Windows 10 Version 1809 | 59 | 7.8 |
| CVE-2025-22457 | Ivanti | Connect Secure | 55 | 9.0 |
| CVE-2025-24200 | Apple | iPadOS | 46 | 6.1 |
| CVE-2024-53197 | Linux | Linux | 42 | 7.8 |
| CVE-2025-31161 | CrushFTP | CrushFTP | 38 | 9.8 |
| CVE-2024-53150 | Linux | Linux | 36 | 7.8 |
| CVE-2024-48887 | Fortinet | FortiSwitch | 31 | 9.8 |
| CVE-2024-0132 | NVIDIA | Container Toolkit | 24 | 9 |
| CVE-2025-0108 | Palo Alto Networks | Cloud NGFW | 18 | 8.8 |
Insights from contributors
- Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
- Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure
Week 16
Ranking
| Vulnerability | Vendor | Product | Count | Severity |
|---|---|---|---|---|
| CVE-2025-32433 | erlang | otp | 70 | 10 |
| CVE-2025-24054 | Microsoft | Windows 10 Version 1809 | 58 | 7.8 |
| CVE-2025-31200 | Apple | visionOS | 49 | 7.5 |
| CVE-2025-30406 | Gladinet | CentreStack | 44 | 9 |
| CVE-2025-31201 | Apple | visionOS | 42 | 6.8 |
| CVE-2025-24859 | Apache Software Foundation | Apache Roller | 32 | 2.1 |
| CVE-2021-20035 | SonicWall | SMA100 | 26 | 6.5 |
| CVE-2025-29824 | Microsoft | Windows 10 Version 1809 | 24 | 7.8 |
| CVE-2025-22457 | Ivanti | Connect Secure | 23 | 9.0 |
| CVE-2024-56406 | perl | perl | 18 | 8.6 |
Insights from contributors
Week 17
Ranking
Insights from contributors
- Check if SAP system is vulnerable to CVE-2025-31324
- IBM WebSphere Application Server is vulnerable to server-side request forgery
- Path Traversal Vulnerability in Surveillance Software - Luxembourg and Belgium notified
CVEs with appearances from week 14 to 17
Persistent ones (appear in at least 2 weeks):
- CVE-2025-22457 – Week 14, 15, 16, 17
- CVE-2025-31161 – Week 14, 15, 17
- CVE-2025-29824 – Week 15, 16
- CVE-2025-24054 – Week 16, 17
Appear only once
Week 14 only:
- CVE-2025-30065, CVE-2025-24813, CVE-2025-1268, CVE-2024-20439, CVE-2025-1974
Week 15 only:
- CVE-2025-24200, CVE-2024-53197, CVE-2024-53150
Week 16 only:
CVE-2025-32433, CVE-2025-31200 Week 17 only:
CVE-2025-31324, CVE-2025-0282, CVE-2025-1731
Continuous exploitation
The sightings used for this analysis were mainly collected through The Shadowserver Foundation’s honeypot network.
This table highlights vulnerabilities that are consistently and recently exploited at a high rate. Often found at network edges, such as routers, VPNs, and similar devices.
Thank you
Thank you to all the contributors and our diverse sources!
If you want to contribute to the next report, you can create your account.
Feedback and Support
If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/