
March Linux Patch Wednesday. Total vulnerabilities: 1083. 😱 879 in the Linux Kernel. 🤦‍♂️ Two vulnerabilities show signs of exploitation in the wild:
🔻 Code Injection – GLPI (CVE-2022-35914). An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux.
🔻 Memory Corruption – Safari (CVE-2025-24201). Fixed in WebKitGTK packages in Linux repositories.
There are 19 vulnerabilities with publicly available exploits. Notable ones:
🔸 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔸 Command Injection – SPIP (CVE-2024-8517)
🔸 Memory Corruption – Assimp (CVE-2025-2152)
🔸 Memory Corruption – libxml2 (CVE-2025-27113)
The Elevation of Privilege vulnerability in the Linux Kernel (CVE-2022-49264) has no public exploit yet. However, it resembles the well-known PwnKit (CVE-2021-4034).

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; I now write there first.