

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and the Android operating system.
The more recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework that may be leveraged for increased privileges.
Per Google's latest security bulletin, the security issue impacts Android 14 through 16 and requires no user interaction to exploit.
Google indicated that CVE-2025-48595 may be under limited, targeted exploitation in the wild, but provided no specific details about the activity or technical information about the flaw or the incidents.
The issue has been addressed with the release of the June 2026 security patches (2026-06-01 and 2026-06-05 security patch levels).
The second vulnerability CISA added to KEV is tracked as CVE-2022-0492, a high-severity privilege escalation flaw that impacts multiple Linux kernel branches, from 2.6 through 4.20, and from 5.5 through 5.17.
The flaw lies in the 'cgroup_release_agent_write()' function of the cgroups v1 subsystem, which, due to insufficient authentication checks, can be abused by a local attacker to circumvent namespace isolation, escalate privileges, and potentially escape from a container to gain root-level access on the host system.
Per past reports from Aqua Security and Palo Alto Networks, the issue primarily impacts containerized environments using cgroups v1, and is particularly dangerous when containers are granted elevated capabilities.
The Linux kernel versions that address the issue are:
With the two flaws included in KEV, all federal agencies subject to the BOD 22-01 directive are required to apply the vendor-provided security updates and mitigations, or to stop using the impacted software. CISA set the deadline for June 5.
However, the KEV also serves as a watch list for critical infrastructure entities and large organizations in general, who should still take security measures against these flaws with the same urgency.
Neither of the flaws is marked as exploited by ransomware groups, which is a specific flag CISA uses on its KEV entries to highlight additional severity and patching urgency.
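The exposure conditions described above (a kernel in the quoted ranges, cgroups v1 in use, elevated container capabilities) can be checked from inside a container or on a host. The following is an added example, not code from the article, CISA or the vendors it cites; the function names are hypothetical, and treating CAP_SYS_ADMIN as the "elevated capability" of interest is an assumption of this example.

```python
import platform
import re

# Affected upstream ranges exactly as quoted in the article. Distribution
# kernels often carry backported fixes, so a match means "verify", not "vulnerable".
AFFECTED = [((2, 6), (4, 20)), ((5, 5), (5, 17))]
CAP_SYS_ADMIN = 21  # bit index in the CapEff mask (linux/capability.h)

def kernel_in_affected_range(release):
    """True if the major.minor of a `uname -r` string falls in AFFECTED."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and any(
        lo <= (int(m.group(1)), int(m.group(2))) <= hi for lo, hi in AFFECTED)

def cgroup_v1_mounts(mountinfo):
    """Return (mount_point, writable) for every cgroup v1 mount.

    Input is the text of /proc/self/mountinfo; v2 hierarchies report the
    filesystem type "cgroup2" and are skipped.
    """
    found = []
    for line in mountinfo.splitlines():
        left, sep, right = line.partition(" - ")
        fields, fs = left.split(), right.split()
        if sep and len(fields) >= 6 and fs and fs[0] == "cgroup":
            found.append((fields[4], "rw" in fields[5].split(",")))
    return found

def has_cap_sys_admin(status):
    """True if CapEff in /proc/<pid>/status text includes CAP_SYS_ADMIN."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status, re.M)
    return bool(m) and bool(int(m.group(1), 16) >> CAP_SYS_ADMIN & 1)

def assess(release, mountinfo, status):
    """Combine the three signals into one report for a host or container."""
    v1 = cgroup_v1_mounts(mountinfo)
    return {
        "kernel_in_quoted_range": kernel_in_affected_range(release),
        "writable_cgroup_v1": [mp for mp, rw in v1 if rw],
        "cap_sys_admin": has_cap_sys_admin(status),
    }

if __name__ == "__main__":
    # Run inside the container (or on the host) you want to audit.
    with open("/proc/self/mountinfo") as f, open("/proc/self/status") as g:
        print(assess(platform.release(), f.read(), g.read()))
```

A result with all three signals set marks a workload to prioritize for patching or for dropping the capability; it does not by itself prove the kernel is unpatched.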
