April Linux Patch Wednesday

Alexander V. Leonov

April Linux Patch Wednesday. Total vulnerabilities: 251. 👌 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits.

For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages:

🔸 SQL injection – Exim (CVE-2025-26794)
🔸 Code Injection – MariaDB (CVE-2023-39593)

For Memory Corruption – Mozilla Firefox (CVE-2025-3028), the NVD states that the exploit code is in Mozilla’s bug tracker, but access to it is restricted. 🤷‍♂️

BDU FSTEC reports public exploits for 4 vulnerabilities:

🔸 Information Disclosure – GLPI (CVE-2025-21626)
🔸 Security Feature Bypass – GLPI (CVE-2025-23024)
🔸 Denial of Service / Remote Code Execution – Perl (CVE-2024-56406)
🔸 Memory Corruption – Libsoup (CVE-2025-32050)

🗒 Full Vulristics report

