Ethical Hacking News
CISA has added critical vulnerabilities in the Linux kernel and the Android operating system to its Known Exploited Vulnerabilities (KEV) catalog, citing active attacks. The alert underscores the importance of patching these flaws promptly to prevent exploitation.
CISA has issued an alert warning of active attacks exploiting critical vulnerabilities in the Linux kernel and Android operating system.
A high-severity integer overflow vulnerability (CVE-2025-48595) has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, impacting Android 14 through 16.
A high-severity privilege escalation flaw (CVE-2022-0492) has been added to the KEV catalog, impacting multiple Linux kernel branches and allowing local attackers to bypass namespace isolation and gain root-level access.
CISA encourages critical infrastructure entities and large organizations to take security measures against these flaws with urgency, but notes that not all organizations are subject to the BOD 22-01 directive.
Neither of the vulnerabilities has been marked as exploited by ransomware groups, indicating no widespread exploitation in the wild.
Automated pentesting tools have limitations in addressing vulnerability gaps and were not built to test whether controls block threats or cloud configurations hold.
Security professionals and IT managers should take immediate action to review systems, update with latest security patches, and implement additional security controls to prevent exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of active attacks exploiting critical vulnerabilities in the Linux kernel and Android operating system. The alert comes as part of an update to CISA's Known Exploited Vulnerabilities (KEV) catalog, which tracks vulnerabilities that CISA has identified as exploited.
The latest update to the KEV catalog adds CVE-2025-48595, a high-severity integer overflow vulnerability in the Android Framework. It can be leveraged to gain increased privileges on affected devices running Android 14 through 16, and requires no user interaction to exploit. Google's recent security bulletin confirms that the vulnerability impacts these versions of Android.
In addition to the Android Framework vulnerability, CISA has also added CVE-2022-0492 to its catalog, a high-severity privilege escalation flaw that impacts multiple Linux kernel branches, from 2.6 through 4.20, and from 5.5 through 5.17. This flaw lies in the 'cgroup_release_agent_write()' function of the cgroups v1 subsystem, which can be abused by a local attacker to bypass namespace isolation, escalate privileges, and potentially escape from a container to gain root-level access on the host system.
According to past reports from Aqua Security and Palo Alto Networks, this issue primarily impacts containerized environments using cgroups v1, and is especially dangerous when containers are granted elevated capabilities. The Linux kernel versions that address the issue are 4.9.301+, 4.14.266+, 4.19.229+, 5.4.177+, 5.10.97+, 5.15.20+, 5.16.6+, and 5.17-rc3+.
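A version check built from the fixed releases listed above, as an added example that is not part of the original article; the function names and sample inputs are constructed for illustration. It also lists cgroups v1 mounts from `/proc/mounts`-format text, since the article ties CVE-2022-0492 to cgroups v1.

```python
import re

# Fixed upstream releases per stable branch, copied from the article's list.
FIXED_PATCH = {(4, 9): 301, (4, 14): 266, (4, 19): 229, (5, 4): 177,
               (5, 10): 97, (5, 15): 20, (5, 16): 6}
FIXED_RC = {(5, 17): 3}  # 5.17 is fixed from -rc3 onward

def classify_kernel(release):
    """Classify a `uname -r` string against the article's fixed versions."""
    # Upstream version only: vendor kernels often backport fixes without
    # changing it, so "below-fixed" means "check the vendor advisory".
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    rc = int(m[4]) if m[4] else None
    branch = (major, minor)
    if branch in FIXED_RC:
        # A final release (no -rc suffix) sorts after every release candidate.
        fixed = rc is None or rc >= FIXED_RC[branch]
    elif branch > max(FIXED_RC):
        fixed = True
    elif branch in FIXED_PATCH:
        fixed = patch >= FIXED_PATCH[branch]
    else:
        return "no-fixed-release-listed"  # article lists no fix for this branch
    return "at-or-above-fixed" if fixed else "below-fixed"

def cgroup_v1_mounts(proc_mounts_text):
    """Return mount points of cgroups v1 hierarchies from /proc/mounts text."""
    mounts = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()  # device, mount point, fstype, options, ...
        if len(fields) >= 3 and fields[2] == "cgroup":  # v2 shows "cgroup2"
            mounts.append(fields[1])
    return mounts

# Constructed sample inputs (not taken from any real host).
SAMPLE_RELEASES = ["5.10.96", "5.10.97", "5.17.0-rc2", "6.1.55", "4.4.302"]
SAMPLE_MOUNTS = """\
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,memory 0 0
cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,pids 0 0
"""

if __name__ == "__main__":
    for rel in SAMPLE_RELEASES:
        print(f"{rel:14} {classify_kernel(rel)}")
    print("cgroups v1 mounts:", cgroup_v1_mounts(SAMPLE_MOUNTS))
```

On a live host, pass `platform.release()` and the contents of `/proc/mounts` instead of the sample values.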
As part of its efforts to mitigate these vulnerabilities, CISA has set a deadline for all federal agencies bound by the BOD 22-01 directive to apply vendor-provided security updates and mitigations, or to stop using the impacted software. However, CISA also recognizes that not all organizations are subject to this directive, and encourages critical infrastructure entities and large organizations in general to take security measures against these flaws with the same urgency.
It is worth noting that neither of the vulnerabilities listed on KEV has been marked as exploited by ransomware groups, which is a specific flag used by CISA to highlight additional severity and patching urgency. This indicates that while these vulnerabilities are critical and should be addressed promptly, there is currently no known evidence of widespread exploitation in the wild.
Furthermore, recent reports from various sources have highlighted the limitations of automated pentesting tools in addressing vulnerability gaps in network security. Automated pentesting tools were designed to answer a single question: can an attacker move through the network? However, they were not built to test whether controls block threats, detection rules fire, or cloud configurations hold. As such, it is essential for organizations to engage in thorough vulnerability assessments and penetration testing to ensure that their networks are secure.
In light of this new alert from CISA, security professionals and IT managers should take immediate action to review their systems and update them with the latest security patches. This includes verifying the versions of Android and the Linux kernel currently installed on affected devices, as well as implementing additional security controls to prevent exploitation of these vulnerabilities.
Published: Wed Jun 3 11:20:27 2026 by llama3.2 3B Q4_K_M