Threat Advisories:
Lazarus Targets Europe’s UAV Innovation October 2025 Linux Patch Roundup MuddyWater Deploys Phoenix Backdoor in Targeted Espionage Campaign Critical Cloud Threat: Azure Blob Storage Under Active Attack Operation Silk Lure Scam: When Job Hunts Leads to Malware Storm-1175’s Masterstroke Exploits CVE-2025-10035 in GoAnywhere MFT F5 BIG-IP Breach: Nation-State Hackers Expose Source Code and Undisclosed Flaws Microsoft’s October 2025 Patch Tuesday TA585 Leverages ClickFix Technique and MonsterV2 Malware Astaroth Targets Brazil Using GitHub Infrastructure CVE-2025-11371: Unpatched Gladinet Flaw Actively Exploited in the Wild Stealit’s New Trick: Packing Malware Inside Node.js Single Executables Hidden in Plain Sight: The Abuse of Nezha and the Ghost RAT That Followed UTA0388: AI-Powered Targeted Operations Leveraging GOVERSHELL Zimbra Zero-Day Hidden in “Harmless” ICS File Targets Military Service Finder Plugin Flaw Opens Door to Full Site Compromise Redis Under Siege: RediShell Flaw Opens Door to Remote Code Execution CVE-2025-61882: Oracle EBS Zero-Day Actively Exploited in the Wild Water Saci: Brazil’s WhatsApp-Borne Malware Storm Confucius Hackers Spy on Critical Sectors Using AnonDoor
Highlights of Our CISO Dinner
Upgrading struggling vulnerability management programs to Threat Exposure Management, with Host, CISO Al Lindseth formerly from Plains All American Pipeline and PWC - 6 minute podcast
0:00
0:00
👥 Play Count: Loading...
Partner Program
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s ComparisonSave Cost , Reduce Complexity and Increase Security by Augmenting and Replacing your existing Vulnerability Management platform
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Blog
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure Platform
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s Comparison
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Case Studies
Whitepapers
Press Releases
connect
Webinars & Videos
Blog
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe

October 2025 Linux Patch Roundup

Red | Vulnerability Report
Download PDF

October 2025 Linux Patch Roundup

Summary

In October 2025, more than 1,201 new vulnerabilities were discovered and addressed within the Linux ecosystem, affecting major distributions such as Debian, Red Hat, OpenSUSE, and Ubuntu. Additionally, over 2,169 vulnerabilities were highlighted, with corresponding hotfixes and patches released to mitigate risk.

These vulnerabilities span across information disclosure, privilege escalation, code execution, denial-of-service (DoS), and security bypass. HiveForce Labs identified 20 critical vulnerabilities that are either exploited in the wild or have a high likelihood of exploitation, warranting immediate remediation.

Vulnerability Details

The identified vulnerabilities enable multiple adversarial tactics including Execution, Privilege Escalation, and Defense Evasion. Notably, four of these are confirmed zero-days actively exploited by threat actors.

Key Vulnerabilities

  • CVE-2021-22555Linux Kernel Heap Out-of-Bounds Write Vulnerability:
    A long-standing flaw in the Linux kernel’s netfilter subsystem allowing heap memory corruption. Exploitation via user namespaces enables local privilege escalation or denial-of-service, and it remains actively exploited in modern attacks.
  • CVE-2023-44487HTTP/2 Rapid Reset Attack Vulnerability:
    A zero-day flaw exploited in massive DDoS attacks, enabling attackers to cancel HTTP/2 streams repeatedly at high speed to overwhelm targets. This vulnerability was under active exploitation in August 2025.
  • CVE-2025-41244VMware Aria Operations Privilege Escalation Vulnerability:
    Actively exploited by the UNC5174 threat group, this flaw allows privilege escalation to root on VMware guest virtual machines, enabling attackers to achieve complete control over compromised environments.
  • CVE-2025-49844 (“RediShell”)Redis Remote Code Execution Vulnerability:
    A 13-year-old use-after-free bug in Redis that allows authenticated attackers to exploit malicious Lua scripts, leading to sandbox escape and full host compromise. Attackers can deploy malware, steal credentials, and move laterally across affected systems.

Additional Notable Exploits

  • HTTP/2 “MadeYouReset” vulnerability expands on Rapid Reset attacks, suggesting further potential for large-scale denial-of-service campaigns.
  • CVE-2025-38084 and CVE-2025-38676 involve race condition and stack buffer overflow flaws in the Linux kernel, leading to code execution and memory corruption.
  • CVE-2025-55163 (Netty MadeYouReset) and CVE-2025-39682 (TLS Handling Bypass) expose systems to resource exhaustion and security evasion.

Additionally, a supply chain compromise targeting Xubuntu’s official website replaced legitimate torrent files with malware-laced ZIP archives capable of cryptocurrency wallet hijacking.

Recommendations

Kernel Hardening and Patching

  • Update the Linux kernel immediately with the latest security patches.
  • Implement kernel protection frameworks such as grsecurity, SELinux, or AppArmor to reduce exploitability and mitigate privilege escalation risks.

Network Security Controls

  • Enforce network segmentation to isolate high-value systems.
  • Configure firewall policies to restrict external access to services like Redis and HTTP/2 servers.
  • Deploy rate-limiting and request throttling to mitigate DDoS vectors linked to HTTP/2 vulnerabilities.

Application Security and Configuration

  • Continuously monitor and patch Redis, VMware Tools, and other open-source dependencies.
  • Disable user namespaces in Linux systems that don’t require them to limit local privilege escalation vectors.
  • Verify software integrity using checksums and GPG signatures before installation, and maintain trusted internal repositories to mitigate supply chain risks.

Virtualization and Response Strategy

  • Harden virtualization environments by isolating management interfaces, auditing guest permissions, and disabling non-essential services.
  • Conduct memory and process analysis on compromised systems to identify heap corruption, rogue scripts, or unauthorized kernel modules.

  • Rebuild affected servers from verified baselines, reapply security patches, and validate system integrity before redeployment.

MITRE ATT&CK TTPs

TacticTechniqueTechnique ID
ExecutionCommand and Scripting InterpreterT1059
Privilege EscalationExploitation for Privilege EscalationT1068
Defense EvasionExploit Protection Bypass, MasqueradingT1211, T1036.005
Credential AccessCredential DumpingT1003
DiscoverySystem and Network DiscoveryT1082, T1046
PersistenceValid Accounts, Registry Run KeysT1078, T1547
Lateral MovementRemote ServicesT1021
CollectionData from Local SystemT1005
ExfiltrationExfiltration Over C2 ChannelT1041
ImpactData Destruction, Resource Hijacking, DoST1485, T1496, T1499
Resource DevelopmentObtain Capabilities, Exploit Public-Facing ApplicationsT1588, T1190

References

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox