
April Linux Patch Wednesday. Total vulnerabilities: 251. 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits.
For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages:
SQL injection – Exim (CVE-2025-26794)
Code Injection – MariaDB (CVE-2023-39593)
For the Memory Corruption – Mozilla Firefox (CVE-2025-3028), the NVD states the exploit code is in Mozilla’s bug tracker, but access is restricted.
BDU FSTEC reports public exploits for 4 vulnerabilities:
Information Disclosure – GLPI (CVE-2025-21626)
Security Feature Bypass – GLPI (CVE-2025-23024)
Denial of Service / Remote Code Execution – Perl (CVE-2024-56406)
Memory Corruption – Libsoup (CVE-2025-32050)