Risky Tech Ranking: Q3 2025 Updates

Coalition’s Risky Tech Ranking is an evolving list of technology providers whose products were vulnerable to exploitation by threat actors. The ranking uses publicly available data to help businesses make more thoughtful decisions about the technologies they adopt.

At Coalition, we frequently encounter technology products and services that do not adequately safeguard businesses, many of which are used by businesses that may become or wish to become Coalition policyholders. Ensuring that only trustworthy technology handles an organization’s sensitive electronic information is not only vital for Coalition policyholders, but also serves the broader public interest by contributing to a safer digital environment across the entire technology ecosystem.

The Risky Tech Ranking is updated on a quarterly basis, scoring vendors by multiplying the number of vulnerabilities impacting a vendor’s products by the average Coalition Exploit Scoring System (Coalition ESS) score. Below, we’ll examine noteworthy changes in vendor rankings and contributing vulnerabilities in Q3 2025.

How the Risky Tech Ranking evolved in Q3

The total number of vendors scored by Coalition in the Risky Tech Ranking increased by 8% in Q3 2025, growing from 8,145 in Q2 to 8,771 in Q3. 

The total number of contributing vulnerabilities also increased by 4%, growing from 42,716 in Q2 to 44,365 in Q3.

Overall, Q3 2025 saw relative stability among the top 10 positions in the Risky Tech Ranking, while a few new household-name vendors climbed into the top 30.

Changes among the top 5 rankings

Cisco (↑5)

Cisco climbed into the top 5, rising from #10 to #5, due to a 4% increase in the total number of contributing vulnerabilities.

Google (↑1)

Google rose one spot in the top 5, moving from #5 to #4, driven by an 11% increase in the total number of contributing vulnerabilities.

New entries & exits from the top 10

• D-Link (↑3) rose from #13 to #10. D-Link has fluctuated between #9 and #13 throughout 2025, experiencing both quarterly increases and decreases in the total number of contributing vulnerabilities.

• TOTOLINK (↓5) dropped from #8 to #13. This change interrupts the rise of the previous three quarters and returns TOTOLINK to the position it had at the beginning of 2025.

Significant movement among the top 30

Notably, Citrix and Nvidia entered the top 30 for the first time in Q3:

• Campcodes (↑27) returned to the top 20, jumping from #47 to #20.

• Citrix (↑46) climbed from #69 to #23.

• Nvidia (↑30) rose from #57 to #27. 

How the Risky Tech Ranking works and why it’s important

Technology products are frequently released with serious security flaws, putting businesses at risk before they have a chance to defend themselves. In 2024, cyber criminals exploited more than 3,000 new vulnerabilities per month to carry out ransomware campaigns, steal sensitive data, or establish long-term access to critical systems for future nefarious activity. Consequently, software vulnerabilities were a leading cause of ransomware attacks last year.

The Risky Tech Ranking is designed not only to serve as an educational tool for businesses when making purchasing decisions, but also to encourage vendors to make their popular technologies more secure.

Vulnerability management is difficult. Every update takes time, testing, and can risk breaking important systems. With thousands of new vulnerabilities reported every month, staying on top of it all is overwhelming, even for teams doing everything right. For small and midsize businesses (SMBs), this task is even harder. SMBs often rely on outside technology and trust that it's secure. But without clear information about vendor security practices, that trust can backfire.

The Risky Tech Ranking helps close that gap by giving businesses better insight into the risks tied to the products they use. Read more about why we built the ranking and the full methodology of how it works.

The Risky Tech Ranking is based on publicly available data and is intended for general, informational purposes only, and not as legal, professional, or consulting advice; use of the Risky Tech Ranking is solely at your own risk. The Risky Tech Ranking is a list of unaffiliated third-party technology providers ranked by a methodology based on Coalition’s Exploit Scoring System (Coalition ESS), which is powered by generative AI, machine learning, and an underlying algorithm that provides assessment of all publicly disclosed vulnerabilities and evaluates a technology vendor's risk based on the exploitability of reported vulnerabilities over a set time period. Coalition disclaims all warranties, express or implied. Risky Tech Ranking results may vary or fluctuate based on factors outside of Coalition's control. See Coalition’s Terms of Use and Privacy Policy for additional information.

This blog post is designed to provide general information on the topic presented and is not intended to construe or render legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites. 

Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. All other products and company names are the intellectual property of their respective brand owners.