Forescout Announces Riskiest Connected Devices of 2025, IoMT Devices Increasingly Vulnerable

Routers Now Accounting for Over 50% of the Most Vulnerable Devices

New Cloud-Enabled Platform, eyeScope, Provides Consolidated View of Device Landscape

Forescout, a global cybersecurity leader, today published its fifth annual “Riskiest Connected Devices of 2025” report, which analyzes millions of devices in Forescout’s Device Cloud using Forescout’s multifactor risk scoring methodology to assess the most vulnerable devices in enterprise networks based on each device’s configuration (vulnerabilities and open ports), criticality to the business and internet exposure. This year’s report analyzes the five riskiest device types globally across IT, Internet of Things (IoT), Operational Technology (OT), and Internet of Medical Things (IoMT), as well as across industry verticals. Key findings in the report reveal a 15% year-over-year increase in average device risk, and that routers account for over 50% of devices with the most dangerous vulnerabilities. The findings also revealed that retail was the sector with the riskiest devices on average, followed by financial services, government, healthcare, and manufacturing.

Since 2020, Forescout Research – Vedere Labs has been monitoring the riskiest devices in organizational networks, leveraging data sourced directly from the devices themselves. Its latest findings reveal a growing shift in the threat landscape, with network infrastructure, especially routers, continuing to outpace endpoints as the riskiest IT devices since 2023. Adversaries are rapidly exploiting newly discovered vulnerabilities in these devices through large-scale attack campaigns. This year’s list contains 12 new device types, including four new IoMT devices, which marks the largest year-over-year increase Forescout has observed. As the attack surface broadens across IT, IoT, OT, and IoMT environments, siloed security efforts are no longer sufficient.

“We’re handing attackers the keys to critical operations. Cybercriminals are ditching traditional endpoints and targeting the devices that keep our hospitals, factories, governments, and businesses running,” said Barry Mainz, Forescout CEO. “This year alone, four new types of medical device topped the risk charts. If we don’t secure every IT, IoT, OT, and IoMT device across our networks, the consequences will be devastating.”

Key Findings of the Riskiest Connected Devices in 2025 Report:

IT Devices – Routers Dominate as Most Vulnerable Devices

Four new IT device types were added to the 2025 list: Application Delivery Controllers (ADC), Intelligent Platform Management Interfaces (IPMI), Firewalls, and Domain Controllers. IPMI devices are plagued with critical vulnerabilities and domain controllers are among the most critical points in internal networks.

In 2023, endpoints were riskier than network infrastructure, but that flipped in 2024. In 2025, the trend continues: network infrastructure devices remain riskier than endpoints because they are often exposed at the network perimeter and have dangerous open ports serving administrative interfaces.

Even with the added risky IT devices, over 50% of devices with the most critical vulnerabilities are still routers, making them prime targets for attackers. Computers and wireless access points are also among the most frequently vulnerable device types.

IoT Devices – PoS Systems Emerge as a Top Target

The riskiest IoT devices include mostly those that have been known to be problematic for a long time, such as network video recorders (NVRs), VoIP, IP cameras, and network attached storage (NAS) devices.

This year, point of sale (PoS) systems, such as those used in retail stores, made the list. PoS systems have been targeted by cybercriminals with generic malware such as keyloggers and infostealers to capture sensitive information, as well as dedicated RAM scrapers that search the device’s memory for credit card numbers and other data before encryption.

OT Devices – Universal Gateways and Historians Make Their Debut

This year universal gateways and historians, servers dedicated to storing operational process data, appeared for the first time on the list, alongside building management systems (BMS), physical access control systems and uninterruptible power supply devices (UPS).

Universal gateways are risky because they interconnect different systems, sometimes including both Ethernet and serial communications, thus potentially allowing for lateral movement within OT networks or for threats on the Ethernet network to affect serially connected devices. Historians are deployed alongside process control systems based on programmable logic controllers (PLCs) or distributed control systems (DCS), often at Purdue level 3. These systems commonly share data with enterprise devices at higher levels, which means they sit at the dangerous interconnection between IT and OT networks.

IoMT Devices – Biggest Change with Four New Device Types

Four new IoMT device types were added this year: imaging devices, lab equipment, healthcare workstations, and infusion pump controllers. Imaging devices often run legacy vulnerable IT operating systems, have extensive network connectivity to allow for sharing imaging files, and use the DICOM standard for sharing these files. Lab equipment is usually connected to laboratory information systems, and the data transmitted between them is often unencrypted, allowing for attacks such as data exfiltration and data tampering. Healthcare workstations can access very sensitive information, which is valuable on the dark web and nowadays often leaked by ransomware gangs. Infusion pump controllers are very critical, since compromising a controller could allow an attacker to tamper with critical drug delivery settings.

“Today’s threat environment spans IT, IoT, OT, and IoMT—yet too many security solutions operate in silos, leaving dangerous blind spots,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “Beyond regular risk assessments, enterprises need automated controls that cover all assets. Solutions that focus on specific devices fail to deliver the full visibility and security controls needed for these highly complex environments.”

The study reinforces that any organization not continuously monitoring both traditional and specialized network devices risks becoming the next breach headline. To help companies effectively close these blind spots, Forescout recently launched eyeScope®, an easy-to-deploy, cloud-based visibility and monitoring solution. By uniting eyeScope’s real-time device intelligence with the urgent risk priorities highlighted in the research, Forescout is giving organizations the data and tools necessary to secure their most vulnerable assets.

For more information, review the full research report, summary blog, and eyeScope solution page.

About Forescout

The Forescout 4D Platform™ provides complete asset intelligence and control across IT, OT, IoT, and IoMT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.

Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.
