Study Identifies 20 Most Vulnerable Connected Devices of 2025

Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.

Routers represent the riskiest devices in enterprise networks, containing the largest number of critical vulnerabilities, Forescout notes in a new report.

According to the company’s ‘Riskiest Connected Devices of 2025’ report, device risk has increased 15% compared to the previous year, with routers accounting for more than half of the devices plagued by the most dangerous vulnerabilities.

The report, which analyzes millions of devices in Forescout’s Device Cloud to identify the riskiest types across IT, IoT, OT, and Internet of Medical Things (IoMT), shows that computers have the largest number of bugs, but not the most dangerous ones.

The list of top 20 riskiest devices has changed significantly since last year, with 12 new device types added: ADCs, firewalls, intelligent platform management interfaces (IPMIs), domain controllers, PoS systems, universal gateways, historians, physical access control systems, imaging devices, lab equipment, healthcare workstations, and infusion pump controllers.

The remaining eight device types have been on the list for at least one year: routers, VoIP systems, IP cameras, and UPS devices since 2022, NAS and BMS devices since 2023, and NVR and PACS systems since 2024.

While meant to secure networks and enable communication with external networks, ADCs, firewalls, and routers are routinely affected by severe vulnerabilities that threat actors often exploit as zero-days.

“Network equipment – especially routers – has overtaken endpoints as the riskiest category of IT devices. Driven by increased threat actor focus, adversaries are rapidly exploiting new vulnerabilities in these devices through large-scale attack campaigns,” Forescout says.

According to the report, some of the most dangerous security defects are found in IoMT devices such as pump controllers, medication dispensing systems, and workstations.

On average, the riskiest devices are within the retail sector, with financial services, government, healthcare, and manufacturing rounding out the top five. Spain, China, the UK, Qatar, and Singapore are impacted the most.

Within all five industries, more than 50% of non-legacy Windows devices are running Windows 10, which will reach end-of-support on October 14, 2025. Retail and healthcare are impacted the most, with over 70% of non-legacy Windows devices running Windows 10.

Forescout also underlines that special-purpose operating systems such as embedded firmware are more prevalent than mobile platforms across industries, with the healthcare, government, and manufacturing sectors having the highest concentration of such products.

The report also shows that organizations in the financial sector have the largest number of open ports on protocols such as SMB, RDP, SSH, and Telnet. Overall, Forescout has observed a decrease in the use of SSH, which provides encrypted communication, and an increase in the use of Telnet, which is not encrypted.

“The attack surface in modern organizations now spans IT, IoT and OT, with IoMT adding another layer of complexity in healthcare. Focusing security efforts on a single category is no longer sufficient, as attackers exploit devices across different domains to execute attacks,” Forescout notes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
