
February Linux Patch Wednesday. There are 561 vulnerabilities in total, 338 of them in the Linux Kernel. Formally, there is one vulnerability with signs of exploitation in the wild: RCE – 7-Zip (CVE-2025-0411). But it concerns Windows MoTW and, naturally, is not exploitable on Linux.
There are public exploits for 21 vulnerabilities.
Among them there are 5 Cacti vulnerabilities:
🔸 RCE – Cacti (CVE-2025-24367)
🔸 Command Injection – Cacti (CVE-2025-22604)
🔸 SQLi – Cacti (CVE-2024-54145, CVE-2025-24368)
🔸 Path Traversal – Cacti (CVE-2024-45598)
2 OpenSSH vulnerabilities discovered by Qualys:
🔸 DoS – OpenSSH (CVE-2025-26466)
🔸 Spoofing/MiTM – OpenSSH (CVE-2025-26465)
Of the rest, the most interesting are:
🔸 RCE – Langchain (CVE-2023-39631), Snapcast (CVE-2023-36177), Checkmk (CVE-2024-13723)
🔸 EoP – Linux Kernel (CVE-2024-50066)
🔸 SQLi – PostgreSQL (CVE-2025-1094)
🔸 XSS – Checkmk (CVE-2024-13722), Thunderbird (CVE-2025-1015)

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to another Telegram channel, @avleonovrus; that is where I now post first.