Enterprise networks are more vulnerable than ever—and routers are leading the charge.
A new report from Forescout reveals that routers now represent the biggest security risk across enterprise environments, housing more critical vulnerabilities than any other device type.
According to Forescout’s Riskiest Connected Devices of 2025 report, overall device risk has jumped by 15% in the past year. Routers alone account for over half of the devices affected by the most severe vulnerabilities—many of which threat actors are already exploiting in real-world attacks.
While traditional computers still carry the most bugs, the truly dangerous flaws are showing up elsewhere—especially in networking equipment and specialized devices.
The report analyzed millions of devices across IT, IoT, OT, and Internet of Medical Things (IoMT) environments using data from Forescout’s Device Cloud. Among its findings:
- 12 new device types have entered the top 20 riskiest list, including ADCs, firewalls, IPMIs, PoS systems, and infusion pump controllers.
- 8 devices—like routers, VoIP systems, IP cameras, and UPS units—have remained high-risk for multiple years.
Surprisingly, devices meant to protect networks—like firewalls and ADCs—are frequently impacted by severe, often zero-day vulnerabilities. The same is true for IoMT tools such as infusion pumps and healthcare workstations, making hospitals and clinics especially vulnerable.
Industry-wise, retail tops the list for overall risk, followed by finance, government, healthcare, and manufacturing. Regionally, Spain, China, the UK, Qatar, and Singapore are seeing the highest levels of exposure.
Adding to the risk: a huge number of enterprise devices are still running Windows 10, which hits end-of-support in October 2025. Retail and healthcare are the most affected, with over 70% of non-legacy Windows systems still on the soon-to-be-outdated OS.
Another worrying trend? The rise of unsecured communication protocols. Forescout notes a decline in encrypted SSH usage and a rise in Telnet, a protocol with no encryption at all.
The takeaway is clear:
“Focusing security efforts on a single category is no longer enough,” the report warns. “Attackers are moving across IT, OT, IoT, and now even IoMT—making the entire connected environment fair game.”
