The US Cybersecurity and Infrastructure Safety Company (CISA) warns that hackers are exploiting vulnerabilities within the Linux kernel and Android working system.
The newest flaw the company added to its Recognized Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability within the Android framework that may be exploited to achieve elevated privileges.
Based on a current safety bulletin from Google, this safety problem impacts Android 14-16 and requires no consumer interplay for exploitation.
Google has indicated that CVE-2025-48595 could also be being exploited within the wild in a restricted and focused method, however didn’t present particular particulars concerning the exercise or technical details about the flaw or incident.
This problem was resolved with the discharge of the June 2026 safety patch (safety patch ranges 2026-06-01 and 2026-06-05).
The second vulnerability CISA added to KEV is tracked as CVE-2022-0492. This can be a excessive severity privilege escalation flaw affecting a number of Linux kernel branches from 2.6 to 4.20 and 5.5 to five.17.
The flaw resides within the cgroups v1 subsystem’s “cgroup_release_agent_write()” operate, which has inadequate authentication checks and could possibly be exploited by a neighborhood attacker to bypass namespace isolation, escalate privileges, and escape from the container to achieve root-level entry on the host system.
Based on earlier stories from Aqua Safety and Palo Alto Networks, this problem primarily impacts containerized environments utilizing cgroups v1 and is especially harmful when containers are granted elevated capabilities.
The next Linux kernel variations tackle this problem:
- 4.9.301+
- 4.14.266+
- 4.19.229+
- 5.4.177+
- 5.10.97+
- 5.15.20+
- 5.16.6+
- 5.17-rc3+
The inclusion of two flaws in KEV requires all federal businesses certain by the BOD 22-01 directive to use vendor-provided safety updates and mitigations or cease utilizing the affected software program. CISA has set a June 5 deadline.
Nonetheless, KEV additionally serves as a bulletin board for important infrastructure entities and huge organizations on the whole that must take safety measures in opposition to these flaws with equal urgency.
Neither flaw has been marked as being exploited by ransomware teams. This can be a particular flag that CISA makes use of on KEV entries to spotlight extra severity and urgency for patching.
Automated penetration testing instruments provide actual worth, however they have been constructed to reply one query: Can an attacker get by means of your community? They aren’t constructed to check whether or not controls block threats, detection guidelines hearth, or cloud configurations are preserved.
This information describes six surfaces that it is best to really look at.
Obtain now
