Internet of things (IoT) devices are historically some of the most vulnerable applications in home and industry. These devices are usually connected to a hub or central point in the home or business that’s connected to Wi-Fi or to a local network leaving them vulnerable to bad actors hacking, particularly as IoT vendors continue to lag with sufficient cybersecurity.
Forescout, a cybersecurity firm, unveiled its most vulnerable connected devices for 2025 and it is no surprise that at the top of the list is internet routers, the main source of high-speed internet inside most homes.
In its Riskiest Connected Devices of 2025 report, Forescout found a 15% year-over-year increase in average device risk and routers are facing a whopping increase of 50% year-over-year in terms of their vulnerabilities.
"We're handing attackers the keys to critical operations,” said Barry Mainz, CEO of Forescout. “Cybercriminals are ditching traditional endpoints and targeting the devices that keep our hospitals, factories, governments, and businesses running.”
For the first time, four new types of medical devices topped the most vulnerable IoT devices, Mainz said.
Forescout unveiled the top four devices that are most likely to be hacked this year.
1) IT devices
The report found that the four most vulnerable IT devices in 2025 include:
- Application delivery controllers (ADC)
- Intelligent platform management interfaces (IPMI)
- Firewalls
- Domain controllers
The trend of network infrastructure remaining riskier than endpoints in 2025 will continue as they are exposed to the perimeter of networks and likely have open ports serving administrative interfaces, Forescout said.
Despite this increased risk, routers are still the prime targets for attackers and are 50% more vulnerable in 2025 than previous years, the company said.
2) POS systems
Point of sale (POS) terminals and IoT systems are getting regularly targeted by cybercriminals with malware to capture sensitive information. This is likely to increase in 2025 with RAM scrapers and more stealing data.
Other IoT devices that will be risky in 2025 include network video recorders, VoIP, IP cameras and network-attached storage devices.
3) Universal gateways
Forescout said that universal gateways are riskier in 2025 due to interconnecting different systems that often include Ethernet and serial communications. This includes devices like:
- Building management systems (BMS)
- Physical access control systems
- Uninterruptible power supply devices (UPS)
4) Healthcare IoT devices
One of the largest new targets for cybercrime in 2025 are IoT healthcare devices. Lab devices and healthcare monitoring systems usually are connected to information systems and data is transmitted between them that is not encrypted, making them susceptible to data exfiltration and data tampering.
The main targets include:
- Imaging devices
- Lab equipment
- Healthcare workstations
- Infusion pump controllers
“Today’s threat environment spans IT, IoT, OT, and IoMT — yet too many security solutions operate in silos, leaving dangerous blind spots,” said Daniel dos Santos, head of research at Forescout Research — Vedere Labs. “Beyond regular risk assessments, enterprises need automated controls that cover all assets. Solutions that focus on specific devices fail to deliver the full visibility and security controls needed for these highly complex environments.”
