The U.S. Cybersecurity and Infrastructure Safety Company (CISA) is caution that hackers are exploiting vulnerabilities within the Linux kernel and Android working machine.
The newest flaw the company added to its Identified Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability within the Android Framework, which can also be leveraged for larger privileges.
In keeping with Google’s fresh safety bulletin, the protection factor affects Android 14 thru 16, and calls for no person interplay to take advantage of.
Google indicated that CVE-2025-48595 is also below restricted centered exploitation within the wild, however offered no explicit information about the process or technical details about the flaw or the incidents.
The problem has been addressed with the discharge of June 2026 safety patches (2026-06-01 and 2026-06-05 safety patch ranges).
The second one vulnerability CISA added to KEV is tracked as CVE-2022-0492, a high-severity privilege escalation flaw that affects more than one Linux kernel branches, from 2.6 thru 4.20, and from 5.5 thru 5.17.
The flaw lies within the ‘cgroup_release_agent_write()’ serve as of the cgroups v1 subsystem, which, because of inadequate authentication assessments, can also be abused by way of a neighborhood attacker to avoid namespace isolation, escalate privileges, and probably get away from a container to achieve root-level get admission to at the host machine.
In keeping with previous studies from Aqua Safety and Palo Alto Networks, the problem basically affects containerized environments the use of cgroups v1, and is particularly unhealthy when boxes are granted increased features.
The Linux kernel variations that cope with the problem are:
- 4.9.301+
- 4.14.266+
- 4.19.229+
- 5.4.177+
- 5.10.97+
- 5.15.20+
- 5.16.6+
- 5.17-rc3+
By means of together with the 2 flaws in KEV, all federal companies certain by way of the BOD 22-01 directive are required to use the vendor-provided safety updates and mitigations, or to prevent the use of the impacted tool. CISA set the cut-off date for June 5.
Alternatively, the KEV additionally serves as a understand board for important infrastructure entities and big organizations generally, who must take security features towards those flaws with the similar urgency.
Neither of the failings is marked as exploited by way of ransomware teams, which is a selected flag CISA makes use of on its KEV entries to focus on further severity and patching urgency.
Computerized pentesting gear ship actual worth, however they had been constructed to reply to one query: can an attacker transfer throughout the community? They weren’t constructed to check whether or not your controls block threats, your detection laws hearth, or your cloud configs cling.
This information covers the 6 surfaces you in reality wish to validate.
Obtain Now
