What’s New and Important for System Administrators
March 2025 brought a whirlwind of updates for anyone working with servers and infrastructure. From serious vulnerabilities to fresh software releases, there was no shortage of news—or challenges.
Monthly Recap: Highlights from March and Early April 2025
Dear friends and clients of King Servers,
The past month was intense for those keeping a close eye on server operations. We witnessed the disclosure of critical vulnerabilities, the release of long-awaited updates, and a wave of new security strategies. And that’s just the tip of the iceberg—we’ve got plenty of stories worth sharing.
This article brings together the key moments from March and the beginning of April 2025—everything related to infrastructure, server security, operating systems, cloud environments, and virtualization. We’ve written it in a way that’s clear both for newcomers to sysadmin work and for seasoned professionals.
We’ve broken it down into three main parts: vulnerabilities, updates & releases, and trends & events.
Let’s dive in together!
Dear friends and clients of King Servers,
This past month has been anything but quiet for those immersed in server life. We saw critical vulnerabilities come to light, long-awaited updates finally roll out, and new security strategies start to take shape. And that’s not even counting all the newsworthy moments we couldn’t wait to share.
In this article, we’ve rounded up the key developments from March and the first few days of April 2025—everything touching on infrastructure, server security, operating systems, cloud services, and virtualization. We aimed to make it accessible both for those just starting their journey in system administration and for seasoned pros who’ve been in the game for years.
We’ve broken it all down into three main sections:
- Vulnerabilities,
- Updates and releases,
- And key trends and events.
Ready to upgrade to modern server infrastructure?
At King Servers, we offer both AMD EPYC and Intel Xeon-powered servers with flexible configurations to suit any task—from virtualization and web hosting to S3 storage and data cluster solutions.
- S3-compatible storage for backups
- Control panel, API access, and scalability
- 24/7 support and guidance in choosing the right setup
Registration Result
...
Create an Account
Quick sign-up for infrastructure access
Vulnerabilities and Threats
March didn’t hold back when it came to vulnerabilities—some of which are already being actively exploited in real-world attacks. If you're a system administrator, now’s the perfect time to double-check whether your systems are patched and properly secured. Here are the top threats that made our watchlist this month:
To give you a visual breakdown of which system categories were most frequently targeted in March, check out the pie chart below. It’s a quick reference to help system administrators identify where the main risks were concentrated.
Apache Tomcat Vulnerability: Remote Code Execution
A serious vulnerability was discovered in Apache Tomcat — widely used for server-side Java applications. Known as CVE-2025-24813, it’s a remote code execution (RCE) flaw that’s especially dangerous: an attacker can send a crafted PUT request containing malicious Java code, which gets stored in the session and can later be triggered via a fake request — all without needing to log in.
Vulnerable versions include:
- Tomcat 9 up to 9.0.99,
- Tomcat 10 up to 10.1.35,
- Tomcat 11 up to 11.0.3.
News of the flaw spread fast — and within 30 hours, the first public exploits had already surfaced. Attacks began almost immediately. Thankfully, the Tomcat team moved quickly and released patches: 9.0.99, 10.1.35, and 11.0.3.
If you're running Tomcat on King Servers infrastructure, update as soon as possible — this is not something to put off. Experts warn that this is likely just the first wave, with more sophisticated attacks like stealth backdoors potentially on the horizon. Stay alert.
VMware ESXi: Breaking Out of the Virtual Machine
March was a rough month for VMware, with three critical vulnerabilities uncovered across its products — including ESXi, Workstation, and Fusion. The most serious of them all: CVE-2025-22224, scoring a 9.3 on the CVSS scale.
The issue stems from a buffer overflow in the VMCI component. If an attacker gains admin-level access inside a virtual machine, they can escape the guest and execute code directly on the host’s hypervisor. Think of it as a prison break — except the prisoner doesn’t just escape the cell, they take over the entire fortress.
Broadcom, now the owner of VMware, released emergency patches on March 4, acknowledging that CVE-2025-22224 has already been exploited in real-world attacks.
Vulnerable systems include:
- ESXi 7.0–8.0
- vSphere 6.5–8
- Workstation 17
- Fusion 13 and others
Estimates suggest that over 41,000 ESXi servers worldwide could be at risk. If you’re using VMware-based virtualization on our platforms, we strongly urge you to patch immediately — one compromised VM could take down your entire cluster.
Veeam Backup & Replication Bug
Another issue this month comes from a vulnerability in Veeam Backup & Replication: CVE-2025-23120. This one also enables remote code execution and is tied to how the software processes serialized data.
There’s a catch, though — it only affects systems that are joined to an Active Directory domain. Any authenticated domain user can send a crafted request and execute arbitrary code on the Veeam server.
The CVSS score is 8.8, which puts it firmly in the high-risk category.
Veeam responded quickly, releasing version 12.3.1 with a patch.
If you're handling backups on our servers and haven’t updated yet — do it now. Backups are far too important to leave exposed.
CrushFTP: Full Access, No Password Needed
A critical vulnerability was discovered in the CrushFTP server — CVE-2025-31161 — and it’s a serious one, scoring 9.8 on the CVSS scale.
Imagine this: an attacker simply uses any known username — say, “crushadmin” — and logs in without a password. Just like that, full access in hand.
Patches were released in versions 10.8.4 and 11.3.1, and we strongly recommend you update immediately. The U.S. cybersecurity agency CISA reported that this vulnerability is already being actively exploited as of April, and it’s now included in their Known Exploited Vulnerabilities catalog.
Fun fact: there was a delay in disclosure — VulnCheck and MITRE couldn’t agree on the CVE number, which added some confusion for developers. But for us, the takeaway is simple: patch now, sleep better.
Zero-Day in Ivanti VPN
Late March brought yet another threat: Chinese threat actors began exploiting a zero-day vulnerability in Ivanti Pulse Connect Secure — CVE-2025-22457.
The flaw is a stack overflow that allows attackers to execute code on the VPN gateway without any authentication — making it easy to drop malware or install backdoors right into the system.
A patch for version 22.7R2.6 was released back on February 11, but many systems remain unpatched. By mid-March, threat group UNC5221 was already deploying TRAILBLAZE and BRUSHFIRE plugins for covert surveillance operations.
If you're running Ivanti VPN on King Servers infrastructure, update immediately and scan your systems for compromise — this one’s no joke.
Other Notable Finds from March
Microsoft’s Patch Tuesday addressed 57 vulnerabilities, including 7 zero-days that were already under active exploitation. Some of the more notable flaws affected the MMC console and the Win32k kernel. Most of these required some level of user interaction — like clicking a malicious file or mounting a VHD — but you should update Windows regardless. Better safe than sorry.
Apple also joined the patching wave, fixing a zero-day in WebKit (CVE-2025-24201) affecting both iOS and macOS.
Over in the frontend world, a high-severity auth bypass bug was discovered in Next.js/React — CVE-2025-29927, rated 9.1 CVSS — but it’s already been patched.
As for Edimax IP camera users — bad news: a serious vulnerability has been found, and as of now, no fix is available, according to researchers.
March was a clear reminder: there’s no time to relax. Our advice: keep an eye on vendor advisories and apply patches without delay. Pay extra attention to server-side apps like Tomcat and Veeam, hypervisors like VMware, and VPN gateways — these were among the top targets.
And don’t forget about your OS — new exploits pop up faster than we can finish a cup of coffee.
Updates and Releases
It wasn’t all about threats — March also brought good news in the form of fresh software updates. Here’s what stood out to us and what we think is worth your attention:
March was an active month for the industry’s big names — Canonical, Microsoft, AWS, Red Hat, and others. We saw kernel updates, new Linux distro builds, Docker improvements, enhanced cloud security features, and powerful desktop releases. And this isn’t just a changelog dump — it marks a clear push forward in terms of stability, performance, and automation. Below is a breakdown of update categories by volume.
Linux 6.14: A Fresh Drop from Linus
On March 24, Linus Torvalds released the Linux 6.14 kernel — and it's a solid one. A new NTSYNC driver has been added, which mimics Windows NT synchronization. That means games running through Wine/Proton should now perform even better.
There's also improved support for AMDXDNA, aimed at powering Ryzen AI neural chips — so if you're running newer AMD servers, AI acceleration now comes built-in. Both Intel and AMD CPU support saw improvements across the board: better power efficiency, thermal handling, and speed tuning.
Video drivers got some love too — expect smoother graphics output. Rust is continuing to make its way into the kernel, bringing with it more safety and reliability. Version 6.14 is already being tested in several distros and should land soon in Ubuntu and Fedora.
If you're the kind who likes to stay ahead of the curve, grab the source from kernel.org and build it yourself.
Linux 6.14: Fresh from Linus
On March 24, Linus Torvalds rolled out Linux kernel 6.14 — and it’s a strong release. One of the standout additions is the NTSYNC driver, which mimics Windows NT-style synchronization. That means better compatibility and performance for games running via Wine or Proton.
Support for AMDXDNA has also landed, enabling native acceleration for Ryzen AI neural chips — great news if you’re running modern AMD hardware. Intel and AMD CPUs both got improved support: better power management, thermal tuning, and speed optimization across the board.
Graphics drivers have been refined too, leading to smoother rendering. Meanwhile, Rust continues its slow but steady integration into the kernel, boosting code safety and reliability. Linux 6.14 is already being tested in major distributions, and should be rolling out to Ubuntu and Fedora soon.
If you like staying on the bleeding edge, grab the source code at kernel.org and build it yourself.
Ubuntu 25.04 “Plucky Puffin”
Canonical is getting ready to launch Ubuntu 25.04 — affectionately named “Plucky Puffin.” Gotta love that name, right? The beta dropped at the end of March.
The Subiquity installer for servers has been upgraded — you can now install the OS in live mode, which saves a ton of time.
GNOME 48, the shift to GTK4, and triple buffering make the UI feel smoother. The release ships with LibreOffice 25.2 and GIMP 3.0, enhanced Wayland support, and kernel 6.14 — plus a nice set of tools for cloud/server environments.
The final release is scheduled for April 17, 2025. It’s not an LTS build — support lasts for 9 months — so this one's mostly for those eager to try out the latest tech.
More Distros & Tools
Fedora 42 is on the horizon — expected in May with kernel 6.14, new packages, and updates to Toolbox and Silverblue for container workflows.
Windows 11 got its March updates — minor VPN improvements, a few interface tweaks, and a handful of bug fixes.
Docker Desktop 4.20 is faster and more AMD64/ARM-friendly, while Podman 4.x tightened up network features and improved Docker Compose compatibility.
Proxmox VE 8.x received important security patches, and the Windows Server vNext preview showed off some new features for clusters and containers — definitely worth keeping an eye on.
The Cloud Keeps Evolving
AWS rolled out a few handy new features in March:
- Amazon EKS now encrypts API traffic with KMS — for free,
- WAF can now detect TLS fingerprints (JA3/JA4) to help stop bots,
- and tagging in S3 is now 35% cheaper.
Aurora PostgreSQL can now push data directly into Redshift — no ETL needed.
Over at Azure, AI Foundry expanded its enterprise AI tools with built-in NVIDIA support, and Security Copilot got 11 new modules from Microsoft and partners like OneTrust. These enhancements help streamline phishing defense, data loss prevention (DLP), and vulnerability management — giving SOC teams a serious productivity boost.
Trends & Industry Highlights
March wasn’t just about tech updates — it brought stories and shifts that gave us a lot to think about. Here’s what caught our eye:
While some companies pushed out patches and upgrades, others found themselves at the center of deeper transformations — from the rising influence of AI in cybersecurity to the growing pressure on open-source communities from data scrapers. One standout shift: automation is evolving fast. AI is increasingly part of the chain — from vulnerability scanning to generating phishing attacks. At the same time, outages in cloud services and hits on financial infrastructure reminded us just how fragile the digital world can be. These aren’t just headlines — they’re shaping the rules of the game for tomorrow.
AI: Defender and Threat
Large language models are becoming deeply embedded in cybersecurity — on both sides of the fight.
Microsoft proudly reported that its Security Copilot discovered 20 previously unknown vulnerabilities in Linux bootloaders like GRUB2, U-Boot, and Barebox — including buffer overflows and RCE bugs ideal for bootkits. It did all this in hours instead of weeks, and even suggested remediation steps.
But there’s a darker side: in one test, ChatGPT was used to automate an attack — identifying a Symantec employee, generating a PowerShell script, and composing a phishing email that bypassed defenses. While still experimental, the trend is clear: AI is speeding up both defense and offense.
Scrapers vs. Open Source
Who would've thought — AI bots scraping the web for training data are now wreaking havoc on open-source infrastructure. KDE, GNOME, and Fedora all reported server overloads from bots ignoring robots.txt, impersonating real users, and hitting services without consent.
GNOME says only 3% of its traffic comes from actual humans. Fedora saw outages on Pagure and OBS. KDE’s GitLab was flooded by Alibaba’s scrapers.
Developers are fighting back with traps like Cloudflare’s “AI Labyrinth,” feeding fake data to mislead bots. But the problem is growing. Maybe it’s time AI companies start supporting open source — not draining it dry?
Microsoft Outage: When the Cloud Crashed
On March 1, Microsoft suffered a major outage — Outlook, Exchange, Teams, and parts of Azure all went down. Downdetector logged over 37,000 complaints about Outlook and 24,000 for Microsoft 365.
The cause? A buggy update that took everything offline. Things were mostly fixed by the evening, but businesses felt the impact — email and messaging disruptions hit hard. Consider this a reminder: always have a backup plan. Microsoft says future updates will be better tested, but don’t expect perfection.
Strikes Against Cybercrime
In March, law enforcement agencies continued to crack down on international cybercrime groups. The U.S. extradited Rostislav Panev from Israel — a suspect linked to the LockBit gang. Authorities reportedly seized key evidence, including source code and communications dating back to 2019, which could seriously impact the group’s future operations.
Meanwhile, the U.S. Secret Service seized domain names belonging to Garantex, a crypto platform registered in Russia. At the same time, payment provider Tether froze 2.5 billion rubles worth of USDT, and one of the platform’s co-founders, Alexey Beshchyakov, was detained in India.
Garantex has been under U.S. sanctions since 2022 for allegedly laundering money for groups like Conti and Hydra. Despite these enforcement actions, rumors are already swirling about the rise of a new platform. The global fight against cybercrime remains an ongoing challenge — and a high priority.
Privacy Under Fire
23andMe is going bankrupt and up for sale — but what happens to the genetic data of 15 million users? After the 2023 breach, the fate of that information is murky at best.
Meanwhile, Pokémon Go is being sold to a Saudi fund — including its treasure trove of player geolocation data. Niantic insists everything remains secure, but that’s a hard sell. Data is currency, and this trend is deeply unsettling.
Final Thoughts
March 2025 was packed — from patching vulnerabilities and rolling out updates to tracking trends across the industry. At King Servers, we’re committed to keeping you informed and helping you stay secure. Keep your systems updated, stay alert, and get ready for what’s next. Until the next recap!
