Date: 2025-07-01

On June 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Linux kernel vulnerability, CVE-2023-0386, to its Known Exploited Vulnerabilities (KEV) catalog.

This flaw, found in the OverlayFS subsystem, is being actively exploited in the wild and allows local privilege escalation to root. This is especially concerning given recent attacks such as the PumaBot SSH hijack botnet, which exploit similar attack vectors to gain unauthorized access.

Technical Overview