ADVERTISEMENT

Hackers exploiting critical sudo flaw: CISA wants five bugs gone by October 20th

CISA warns that the critical Linux Sudo flaw, unveiled in July, has been included in hackers’ arsenals and is now being actively exploited to gain superuser privileges on unpatched systems. The watchdog set aggressive deadlines for federal agencies to patch the flaws.

Linux

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Sep 30, 2025 Updated: 30 September 2025 2 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
ADVERTISEMENT
  • Adminer server-side request forgery vulnerability from 2021 (CVE-2021-21311): the database management tool is vulnerable to remote attackers obtaining potentially sensitive information.
  • Fortra GoAnywhere MFT deserialization of untrusted data vulnerability (CVE-2025-10035): the file transfer solution is vulnerable to hackers with a validly forged license response signature, who can deserialize an arbitrary actor-controlled object, possibly leading to command injection.
  • Libraesva Email Security Gateway command injection vulnerability (CVE-2025-59689): the email security solution will run commands injected via a compressed e-mail attachment.

ADVERTISEMENT