Tag Archives: Linux

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo

Leave a reply

October In the Trend of VM (#20): vulnerabilities in Cisco ASA/FTD and sudo

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo. A traditional monthly roundup. This time, once again, no Microsoft vulnerabilities. 😲

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

Only three identifiers in total:

🔻 Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362). This vulnerability chain has been exploited in attacks since May 2025, but there are no public exploits yet.
🔻 Elevation of Privilege – Sudo (CVE-2025-32463). There are signs of in-the-wild exploitation and many public exploits are available.

На русском

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability

Leave a reply

About Elevation of Privilege - Sudo (CVE-2025-32463) vulnerability

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability. Sudo is a utility in Unix-like operating systems that allows a user to run a program with the privileges of another user, by default the superuser (root).

🔻 The vulnerability allows a local attacker to escalate privileges by forcing sudo to load an arbitrary dynamic library when using a root directory specified via the -R (–chroot) option. An attacker can execute arbitrary commands as root on systems that support (Name Service Switch configuration file).

⚙️ The vulnerability was fixed in sudo 1.9.17p1, released on June 30, 2025.

🛠 On the same day, a write-up by researcher Rich Mirch was published with a PoC exploit.

🐧 I noted Linux vendors’ remediation of this vulnerability in July Linux Patch Wednesday. Multiple public exploits for the vulnerability were available.

👾 On September 29, the vulnerability was added to CISA KEV.

На русском

September Linux Patch Wednesday

Leave a reply

September Linux Patch Wednesday

September Linux Patch Wednesday. In September, Linux vendors began addressing 748 vulnerabilities, slightly fewer than in August. Of these, 552 are in the Linux Kernel. The share of Linux Kernel vulnerabilities is growing! One vulnerability shows signs of being actively exploited (CISA KEV):

🔻 MemCor – Chromium (CVE-2025-10585). Public exploits are available.

For 63 (❗️) vulnerabilities, public exploits are available or there are signs they exist. Notable ones include:

🔸 RCE – CivetWeb (CVE-2025-55763), ImageMagick (CVE-2025-55298), Asterisk (CVE-2025-49832), libbiosig (CVE-2025-46411 and 22 other CVEs), sail (CVE-2025-32468 and 7 other CVEs)
🔸 AuthBypass – OAuth2 Proxy (CVE-2025-54576), CUPS (CVE-2025-58060)
🔸 EoP – UDisks (CVE-2025-8067)
🔸 SQLi – Django (CVE-2025-57833)
🔸 SFB – CUPS (CVE-2025-58364)

🗒 Full Vulristics report

На русском

August Linux Patch Wednesday

1 Reply

August Linux Patch Wednesday

August Linux Patch Wednesday. I’m late with this LPW since I was improving the generation of LPW bulletin lists and the operation of Vulristics. 🙂 In August, Linux vendors addressed 867 vulnerabilities, nearly twice July’s total, including 455 in the Linux Kernel. One vulnerability is confirmed exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6558) – an exploited SFB in Chromium for the fourth month in a row. 🙄

Public exploits are available or suspected for 72 (❗️) vulnerabilities. The most important are:

🔸 RCE – WordPress (CVE-2024-31211) – from last year, but recently fixed in Debian; Kubernetes (CVE-2025-53547), NVIDIA Container Toolkit (CVE-2025-23266), Kafka (CVE-2025-27819)
🔸 Command Injection – Kubernetes (CVE-2024-7646)
🔸 Code Injection – PostgreSQL (CVE-2025-8714/8715), Kafka (CVE-2025-27817)
🔸 Arbitrary File Writing – 7-Zip (CVE-2025-55188)

🗒 Full Vulristics report

На русском

July Linux Patch Wednesday

1 Reply

July Linux Patch Wednesday

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6554)

There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to exist. Notable among them:

🔸 RCE – Redis (CVE-2025-32023), pgAdmin (CVE-2024-3116), Git (CVE-2025-48384)
🔸 EoP – Sudo (CVE-2025-32462, CVE-2025-32463)
🔸 PathTrav – Tar (CVE-2025-45582)
🔸 XSS – jQuery (CVE-2012-6708)
🔸 SFB – PHP (CVE-2025-1220)
🔸 DoS – LuaJIT (CVE-2024-25177), Linux Kernel (CVE-2025-38089)
🔸 MemCor – DjVuLibre (CVE-2025-53367)

🗒 Full Vulristics report

На русском

June Linux Patch Wednesday

2 Replies

June Linux Patch Wednesday

June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities (CISA KEV).

🔻 SFB – Chromium (CVE-2025-2783)
🔻 MemCor – Chromium (CVE-2025-5419)
🔻 CodeInj – Hibernate Validator (CVE-2025-35036). This vulnerability is exploited in attacks on Ivanti EPMM (CVE-2025-4428).

Additionally, for 40 (❗️) vulnerabilities public exploits are available or there are signs of their existence. Notable among them are:

🔸 RCE – Roundcube (CVE-2025-49113)
🔸 EoP – libblockdev (CVE-2025-6019)
🔸 DoS – Apache Tomcat (CVE-2025-48988), Apache Commons FileUpload (CVE-2025-48976)
🔸 InfDisc – HotelDruid (CVE-2025-44203)
🔸 DoS – ModSecurity (CVE-2025-47947)

🗒 Full Vulristics report

На русском

May

1 Reply

May

May Linux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 🤯 5 vulnerabilities are exploited in the wild:

🔻 RCE – PHP CSS Parser (CVE-2020-13756). In AttackerKB, an exploit exists.
🔻 DoS – Apache ActiveMQ (CVE-2025-27533). In AttackerKB, an exploit exists.
🔻 SFB – Chromium (CVE-2025-4664). In CISA KEV.
🔻 PathTrav – buildkit (CVE-2024-23652) and MemCor – buildkit (CVE-2024-23651). In BDU FSTEC.

For 52 (❗️) more, there are signs of existing public exploits. Two trending vulnerabilities I’ve mentioned before::

🔸 RCE – Kubernetes “IngressNightmare” (CVE-2025-1974 and 4 others)
🔸 RCE – Erlang/OTP (CVE-2025-32433)

Exploits for these are also notable:

🔸 EoP – Linux Kernel (CVE-2023-53033)
🔸 XSS – Horde IMP (CVE-2025-30349)
🔸 PathTrav – tar-fs (CVE-2024-12905)
🔸 SFB – kitty (CVE-2025-43929)
🔸 DoS – libxml2 (CVE-2025-32414)

🗒 Full Vulristics report

На русском