
April Linux Patch Wednesday. Total vulnerabilities: 251. 👌 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits.
For 2 vulnerabilities, exploit code with a detailed explanation is available on GitHub. Both were first patched in RedOS packages:
🔸 SQL injection - Exim (CVE-2025-26794)
🔸 Code Injection - MariaDB (CVE-2023-39593)
For Memory Corruption - Mozilla Firefox (CVE-2025-3028), the NVD states that the exploit code is in Mozilla’s bug tracker, but access is restricted. 🤷‍♂️
BDU FSTEC reports public exploits for 4 vulnerabilities:
🔸 Information Disclosure - GLPI (CVE-2025-21626)
🔸 Security Feature Bypass - GLPI (CVE-2025-23024)
🔸 Denial of Service / Remote Code Execution - Perl (CVE-2024-56406)
🔸 Memory Corruption - Libsoup (CVE-2025-32050)

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. You can discuss my posts or ask questions at @avleonovchat.
I invite all Russian speakers to subscribe to my channel @avleonovrus "Управление Уязвимостями и прочее" ("Vulnerability Management and more") on MAX or Telegram.
