Enterprise networks are facing greater risks in 2025, with routers now leading the pack as the most vulnerable connected devices, according to a new report from cybersecurity firm Forescout. The study reveals a sharp 15% increase in device risk over the past year, with routers alone making up more than half of the devices affected by the most critical vulnerabilities.
Drawing data from millions of connected devices across IT, IoT, OT, and Internet of Medical Things (IoMT) networks, Forescout’s “Riskiest Connected Devices of 2025” report offers a clear picture of where the biggest security gaps lie today.
Routers, Firewalls, and ADCs Now the Top Targets
Routers—once seen as networking staples—are now being exploited at scale due to a surge in zero-day vulnerabilities. Alongside them, application delivery controllers (ADCs) and firewalls, which are also meant to protect networks, have become key weak spots in enterprise security.
“Network equipment—especially routers—has overtaken endpoints as the riskiest category of IT devices,” the report states. “Attackers are actively focusing on these devices to launch large-scale attacks.”
While traditional endpoints like computers still harbor the most bugs, they’re no longer the most dangerous. Critical vulnerabilities are shifting toward network infrastructure and specialized IoT systems.
New High-Risk Devices Emerge
This year’s top 20 list of the most vulnerable connected devices has shifted dramatically. Twelve new device types have entered the spotlight, including:
- Domain controllers
- IP cameras
- Intelligent platform management interfaces (IPMIs)
- PoS systems
- Historians
- Physical access control systems
- Imaging devices
- Lab equipment
- Infusion pump controllers
- Universal gateways
- Healthcare workstations
- ADCs and firewalls
These additions reflect the evolving nature of enterprise environments, where new connected devices are expanding the attack surface.
The eight returning devices still posing high risks include:
- Routers
- VoIP systems
- IP cameras
- UPS devices
- Network-attached storage (NAS)
- Building management systems (BMS)
- Network video recorders (NVR)
- Picture Archiving and Communication Systems (PACS)
IoMT Devices Raise Red Flags in Healthcare
In the healthcare sector, IoMT devices such as infusion pump controllers and medication dispensing systems are particularly concerning. These tools, essential for patient care, are increasingly targeted by attackers due to the critical functions they serve—and their often outdated software.
Among industries, retail stands out as the most vulnerable to cyberattacks, followed by financial services, government, healthcare, and manufacturing. In these sectors, over half of the Windows-based devices are still running Windows 10, an operating system that’s nearing its end-of-support deadline on October 14, 2025.
Retail and healthcare are particularly affected, with more than 70% of their non-legacy Windows systems still using Windows 10, putting them at heightened risk of future exploits.
Embedded Systems Outpace Mobile Devices in Risk Profile
Across the board, embedded operating systems are now more widely used than mobile platforms, especially in government, manufacturing, and healthcare environments. These specialized systems—often running outdated or unpatched firmware—are now a key weak point for cybersecurity professionals.
Interestingly, the financial sector shows the highest number of open ports on risky protocols like SMB, RDP, SSH, and Telnet. Worryingly, the report finds a drop in secure protocol usage, such as SSH, and a rise in Telnet usage—a legacy protocol that transmits data in plaintext, making it easy for attackers to intercept.
Modern Threats Span IT, IoT, OT, and IoMT
Forescout emphasizes that threats are no longer isolated to one type of system. The convergence of IT, IoT, OT, and IoMT means attackers are leveraging vulnerabilities across domains to execute multi-layered campaigns.
“Focusing security efforts on a single category is no longer sufficient,” the report warns. “The attack surface in modern organizations spans multiple environments, each with its own set of vulnerabilities.”
