Posts

Showing posts with the label CVE

New Linux Privilege Escalation Vulnerabilities Give Attackers Full Root Control

Two newly discovered and interconnected Linux vulnerabilities — CVE-2025-6018 and CVE-2025-6019 — enable unprivileged attackers to escalate privileges to root across major Linux distributions. Affecting millions of systems globally, these flaws represent a severe and urgent security threat requiring immediate action.

Overview of the Vulnerability Chain

The vulnerability chain, uncovered by the Qualys Threat Research Unit, hinges on two distinct but related flaws that, when exploited in sequence, allow full root access:

CVE-2025-6018 — A misconfiguration in the Pluggable Authentication Modules (PAM) on SUSE-based systems allows SSH users to be misclassified as local “active” users.

CVE-2025-6019 — A flaw in the libblockdev library, accessible via the udisks daemon, grants root privileges to users in an “allow_active” context.

Together, they form a dangerous privilege escalation chain, easily exploitable on systems with default configurations.

CVE-202...

Privilege Escalation Risk: Splunk Universal Forwarder on Windows

A high-severity vulnerability has been discovered in Splunk Universal Forwarder (UF) for Windows, exposing enterprise systems to serious risk. Tracked as CVE-2025-20298, the flaw allows non-administrator users to gain unauthorized access to the application's installation directory and its contents. With a CVSS v3.1 score of 8.0, this vulnerability violates fundamental security principles such as least privilege and may lead to log tampering, data exposure, and service disruption.

Overview of the Issue

During new installations or upgrades of Splunk Universal Forwarder on Windows, some affected versions assign overly permissive access controls to the installation directory:

C:\Program Files\SplunkUniversalForwarder

This misconfiguration allows standard (non-admin) users to read and potentially modify the contents of the directory, including configuration files, log data, and binary executables. The issue is categorized under CWE-732: Incorrect Permission Assignment for Critical R...

New Linux Vulnerabilities Put Millions of Password Hashes at Risk

Two critical local information-disclosure vulnerabilities have been uncovered, affecting millions of Linux systems worldwide. These flaws could allow attackers to extract sensitive password data through manipulated core dumps — posing a serious security risk to enterprises and individuals alike.

The Discovery

The vulnerabilities, disclosed by the Qualys Threat Research Unit (TRU), target core dump handlers used in major Linux distributions. They involve race conditions that can be exploited to access core dumps generated by SUID (Set User ID) programs — a class of privileged executables.

CVE-2025-5054 targets Apport, Ubuntu’s crash reporting system.

CVE-2025-4598 affects systemd-coredump, the default handler in Red Hat Enterprise Linux (RHEL) 9 & 10 and Fedora 40/41.

Qualys researchers demonstrated successful proof-of-concept (PoC) exploits that allow attackers to manipulate processes like unix_chkpwd — a standard Linux utility for password verification — and extract pas...

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News.

This translates to 45 security flaws that have been weaponized in real-world attacks within a day of disclosure. Fourteen other flaws have been exploited within a month, while another 45 flaws were abused within the span of a year.

The cybersecurity company said a majority of the exploited vulnerabilities have been identified in content management systems (CMSes), followed by network edge devices, operating systems, open-source software, and server software. The breakdown is as follows:

Content Management Systems (CMS) (35)
Network Edge Devices (29)
Operating Systems (24)
Open Source Software (14)
Server Software (14)

The leadin...