The second most affected category was network-edge devices with 77 kevs. This category includes network safety equipment, router, firewall and VPN Gateway, which has been an increasing target over the last few years, especially for nation-state cyberpayan groups.
Server software (61 kevs), open-source software (55), and operating system (38) top five most targeted categories with hardware devices-include camera systems, DVRs, NVRS, IP phones and other embedded devices-coming in-coming in. Vulnchec notes that many flaws in the hardware device category came from the data collected by shadowvers, stating that it is not a good idea to expose such devices directly on the Internet.
In the context of vendors, Microsoft was the most targeted, with 32 kevs, of which 26 were for Windows, followed by Cisco (10), and Apple, Totolink, and VMWARE, with each six kave. However it is worth noting that not all new covers are new weaknesses. While 1 had 3 zero-days or 1-day, there are many old weaknesses that started to exploit only in 2025, put them on the new KV list.
