Cisco did not provide additional details about intrusions leveraging the vulnerability, which could result in remote access to impacted systems. However, SANS Technology Institute Dean of Research Johannes Ullrich observed the issue being abused alongside another critical CSLU information disclosure bug, tracked as CVE-2024-20440, to compromise log files containing API credentials and other sensitive details. "A quick search didn't show any active exploitation [at the time], but details, including the backdoor credentials, were published in a blog by Nicholas Starke shortly after Cisco released its advisory. So it is no surprise that we are seeing some exploit activity," said Ullrich. The Cybersecurity and Infrastructure Security Agency has already urged federal agencies to address the flaw by April 21 following its inclusion in the agency's Known Exploited Vulnerabilities catalog earlier this week.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Clandestine rootkit compromise possible with Linux io_uring interface issue

Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io_uring, according to BleepingComputer.