Annual recap
Mobile security · 2025
2025 review indexed by Appaloosa Scout: 2 165 mobile CVEs published, 55 added to the CISA KEV catalog (exploited in real attacks), 6 mobile apps affected by at least one KEV.
- CVEs indexed this year: 2 165
- CISA KEV added: 55
- Tracked apps affected: 6
Severity distribution
- CRITICAL: 125
- HIGH: 1 295
- MEDIUM: 75
- LOW: 10
Top 10 mobile KEV of the year
Sorted by number of mobile apps affected (CVSS as tiebreaker).
| CVE | Severity | Apps | Added to KEV | Description |
|---|---|---|---|---|
| CVE-2025-48384 | HIGH 8.0 | 2 | 2025-08-25 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations an… |
| CVE-2010-3765 | CRITICAL 9.8 | 1 | 2025-10-06 | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x be… |
| CVE-2025-8088 | HIGH 8.8 | 1 | 2025-08-12 | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious… |
| CVE-2025-6218 | HIGH 7.8 | 1 | 2025-12-09 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… |
| CVE-2025-0411 | HIGH 7.0 | 1 | 2025-02-06 | 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism o… |
| CVE-2025-55177 | MEDIUM 5.4 | 1 | 2025-09-02 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.2… |
| CVE-2025-32433 | CRITICAL 10.0 | 0 | 2025-06-09 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
| CVE-2025-14611 | CRITICAL 9.8 | 0 | 2025-12-15 | Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme.… |
| CVE-2025-59287 | CRITICAL 9.8 | 0 | 2025-10-24 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
| CVE-2025-53770 | CRITICAL 9.8 | 0 | 2025-07-20 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Top vendors by KEV this year
- 1. win.rar GmbH · 2 KEV · 1 app
- 2. Apple Distribution International · 1 KEV · 1 app
- 3. Igor Pavlov · 1 KEV · 1 app
- 4. Mozilla · 1 KEV · 1 app
- 5. The Git Development Community · 1 KEV · 1 app
- 6. WhatsApp Inc. · 1 KEV · 1 app
Most affected apps
Methodology
KEV: added to the CISA catalog during the year (kev_added_date). CVE: NVD publication date. Apps: those indexed in Scout at query time; the history evolves as new mappings are added.