
August 2025 Linux Patch Roundup

Red | Vulnerability Report

Summary

In August 2025, the Linux ecosystem addressed over 1900 vulnerabilities across major distributions including Debian, Red Hat, OpenSUSE, and Ubuntu. More than 1305 new vulnerabilities were discovered and patched, ranging from information disclosure and cross-site scripting (XSS) to privilege escalation and remote code execution. HiveForce Labs identified 13 severe vulnerabilities that are either actively exploited or have high exploitation potential, requiring immediate patching to ensure protection.


Vulnerability Details

The vulnerabilities span multiple categories including privilege escalation, denial of service, information disclosure, authentication bypass, and remote code execution. Key notable CVEs include:

  • CVE-2019-11135 (ZombieLoad v2) – An Intel processor speculative execution flaw via TSX Asynchronous Abort (TAA) that leaks sensitive data. Still unfixed in EOL Debian Jessie Xen hypervisors, posing permanent risk.

  • CVE-2019-19338 – An incomplete fix for ZombieLoad v2 affecting Cascade Lake CPUs with TSX enabled.

  • CVE-2020-11022 (jQuery XSS) – Cross-site scripting vulnerability in jQuery impacting multiple Linux distributions.

  • CVE-2022-2586 (Linux Kernel Use-After-Free) – Privilege escalation bug under active exploitation in Linux kernel.

  • CVE-2025-23266 (NVIDIAScape) – Critical NVIDIA Container Toolkit flaw enabling container escape, privilege escalation, and full server compromise, especially dangerous in AI cloud environments.

  • CVE-2025-54424 (fit2cloud 1Panel RCE) – Remote code execution vulnerability compromising Linux management services.

  • CVE-2025-6018 & CVE-2025-6019 – Privilege escalation vulnerabilities in PAM modules, which can be chained to achieve root access.

  • CVE-2025-46811 (SUSE Manager RCE) – Network-based remote code execution flaw targeting SUSE Manager servers.

  • CVE-2025-49125 (Apache Tomcat Auth Bypass) – Unauthorized access vulnerability enabling attackers to bypass authentication controls.


Recommendations

  1. Decommission EOL Software – Avoid running unsupported platforms like Debian Jessie with Xen to reduce permanent risk exposure.

  2. Harden Configurations – Disable TSX on Intel hosts, apply strict OCI runtime configurations, and secure authentication in PAM and container systems.

  3. Principle of Least Privilege – Enforce minimal privileges for operators in Vault, 1Panel, and SUSE Manager to limit escalation potential.

  4. Server Hardening – Disable unnecessary services, apply strict file system permissions, validate uploads, and implement secure defaults.

  5. Security Monitoring & Logging – Enable logging for privilege changes, PAM activity, abnormal container behavior, and network anomalies.

  6. System Isolation – Immediately isolate affected workloads or containers to prevent further spread.

  7. Deploy Network Traffic Analysis – Continuously monitor traffic for anomalies such as unusual SSH connections or exfiltration attempts.
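As an added illustration of recommendation 2 and the ZombieLoad v2 entry above (example code written for this roundup, not a HiveForce Labs tool), the script below reads the kernel's TAA status from sysfs and the boot command line and turns them into a verdict and a short remediation list. It assumes the standard `/sys/devices/system/cpu/vulnerabilities/tsx_async_abort` file and the `tsx=` / `tsx_async_abort=` boot parameters documented by the kernel; the sample strings are constructed so the classification logic can be exercised on any machine.

```python
"""Audit TSX Asynchronous Abort (CVE-2019-11135) mitigation state on a Linux host."""
import os
import re
from typing import List, Optional

VULN_FILE = "/sys/devices/system/cpu/vulnerabilities/tsx_async_abort"  # standard sysfs path

# Constructed sample contents (not captured from a real host) for offline use.
SAMPLE_TAA = "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz-6.1.0 root=/dev/sda1 ro quiet"


def classify_taa(status: str) -> str:
    """Map the kernel's tsx_async_abort status line to 'ok', 'partial' or 'vulnerable'."""
    s = status.strip()
    if s.startswith("Not affected") or s.startswith("Mitigation:"):
        return "ok"          # CPU unaffected, TSX disabled, or buffers cleared with microcode
    if s.startswith("Vulnerable:"):
        return "partial"     # kernel tries to mitigate but microcode or SMT state is lacking
    return "vulnerable"      # bare "Vulnerable": no mitigation applied at all


def tsx_cmdline_setting(cmdline: str) -> Optional[str]:
    """Return the value of the tsx= boot parameter (on/off/auto) if it is present."""
    m = re.search(r"(?:^|\s)tsx=(\S+)", cmdline)
    return m.group(1) if m else None


def recommendations(status: str, cmdline: str) -> List[str]:
    """Derive concrete hardening steps from the status line and boot parameters."""
    advice: List[str] = []
    if classify_taa(status) == "ok":
        return advice
    advice.append("update CPU microcode (intel-microcode package) and reboot")
    if tsx_cmdline_setting(cmdline) != "off":
        advice.append("add 'tsx=off tsx_async_abort=full' to the kernel command line")
    if "SMT vulnerable" in status:
        advice.append("use 'tsx_async_abort=full,nosmt' on hosts running untrusted guests")
    return advice


def audit_host():
    """Read the live sysfs and /proc/cmdline values; returns None on non-x86 or old kernels."""
    if not os.path.exists(VULN_FILE):
        return None
    with open(VULN_FILE) as f:
        status = f.read()
    with open("/proc/cmdline") as f:
        cmdline = f.read()
    return classify_taa(status), recommendations(status, cmdline)


if __name__ == "__main__":
    print(audit_host() or ("unknown", []))
```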


MITRE ATT&CK TTPs

  • Privilege Escalation – Exploitation for Privilege Escalation (T1068), Dynamic Linker Hijacking (T1574.006), Malicious Image Execution (T1204.003)

  • Execution & Initial Access – Exploitation for Client Execution (T1203), Exploit Public-Facing Application (T1190)

  • Impact – Endpoint Denial of Service (T1499)

  • Collection & Credential Theft – Input Capture (T1056), Data from Local System (T1005)

  • Container Exploits – Deploy Container (T1610), Container Escape through NVIDIA Toolkit

