Risky Tech Ranking: Q4 2025 Updates

Coalition’s Risky Tech Ranking is an evolving list of technology providers whose products were vulnerable to exploitation by threat actors. The ranking uses publicly available data to help businesses make more thoughtful decisions about the technologies they adopt.

At Coalition, we frequently encounter technology products and services that do not adequately safeguard businesses, many of which are used by businesses that may become or wish to become Coalition policyholders. Ensuring that only trustworthy technology handles an organization’s sensitive electronic information is not only vital for Coalition policyholders, but also serves the broader public interest by contributing to a safer digital environment across the entire technology ecosystem.

The Risky Tech Ranking is updated on a quarterly basis, scoring vendors by multiplying the number of vulnerabilities impacting a vendor’s products by the average Coalition Exploit Scoring System (Coalition ESS) score. Below, we’ll examine noteworthy changes in vendor rankings and contributing vulnerabilities in Q4 2025.

How the Risky Tech Ranking evolved in Q4 2025

The total number of vendors scored by Coalition in the Risky Tech Ranking increased by 8.7% in Q4 2025, growing from 8,771 to 9,533.

The total number of contributing vulnerabilities (CVEs) also increased by 4.2%, growing from 44,365 to 46,234. Despite these increases, the Average Vendor Score decreased by 6.3%, moving from 0.158 to 0.148.

See the updated Risky Tech Ranking here.

Changes among the top 5 rankings

Adobe (↑1)

Adobe rose into the top 5, moving from #6 to #5. While Adobe's risk score actually decreased slightly (by 0.6%), the move was primarily driven by the improved performance of neighboring vendors; specifically, Adobe overtook Cisco as Cisco's security profile improved more significantly.

Cisco (↓2)

Cisco fell out of the top 5, dropping from #5 to #7. This positive shift was due to a significant improvement in Cisco's own security performance, marked by a 27.5% decrease in its overall Vendor Risk Score, driven largely by a lower count of contributing vulnerabilities.

New entries & exits from the top 10

The Q1 2026 update saw several shifts in the top 10 most risky vendors:

• Fortinet (↑2): Joined the top 10, rising from #11 to #9.



• Tenda (↑5): New to the top 10, climbing from #15 to #10.



• PHPGurukul (↓2): Left the top 10, dropping from #9 to #11.



• D-Link (↓5): After fluctuating earlier in the year, D-Link fell from #10 to #15.



Significant movement among the top 30

Two vendors experienced major shifts of 20 positions or more within the top 30:

• Fabian (↑72): Made a dramatic jump into the top 30, rising from #99 all the way to #27.



• Palo Alto Networks (↓22): Showed significant improvement, dropping from #17 to #39, thereby exiting the top 30.



How the Risky Tech Ranking works and why it’s important

Technology products are frequently released with serious security flaws, putting businesses at risk before they have a chance to defend themselves.

More than 48,00 new CVEs were published in the National Vulnerability Database in 2025, a 21% increase over 2024. What’s more, the US Cybersecurity and Infrastructure Security Agency (CISA) added 245 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025. 

The Risky Tech Ranking is designed not only to serve as an educational tool for businesses when making purchasing decisions, but also to encourage vendors to make their popular technologies more secure.

Vulnerability management is difficult, especially for small and midsize businesses (SMBs) that often rely on outside technology and trust that it's secure. The Risky Tech Ranking helps close that gap by giving businesses better insight into the risks tied to the products they use.

Read more about why we built the ranking and the full methodology.

The Risky Tech Ranking is based on publicly available data and is intended for general, informational purposes only, and not as legal, professional, or consulting advice; use of the Risky Tech Ranking is solely at your own risk. The Risky Tech Ranking is a list of unaffiliated third-party technology providers ranked by a methodology based on Coalition’s Exploit Scoring System (Coalition ESS), which is powered by generative AI, machine learning, and an underlying algorithm that provides assessment of all publicly disclosed vulnerabilities and evaluates a technology vendor's risk based on the exploitability of reported vulnerabilities over a set time period. Coalition disclaims all warranties, express or implied. Risky Tech Ranking results may vary or fluctuate based on factors outside of Coalition's control. See Coalition’s Terms of Use and Privacy Policy for additional information.

This blog post is designed to provide general information on the topic presented and is not intended to construe or render legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites. 

Copyright © 2026. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. All other products and company names are the intellectual property of their respective brand owners.