The attack is believed to be a nation-state level attack, and only the rogue developer and groups with which the compromised key has been shared would be able to gain access. As such, it is not likely to be widely exploited.
More information is available in our blog post here.
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
4 Dec 2025
233 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
17 Nov 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📢 𝐍𝐞𝐰 𝐂𝐕𝐄 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐣𝐮𝐬𝐭 𝐝𝐫𝐨𝐩𝐩𝐞𝐝! CVE-2024-3094 exposes a critical backdoor in Linux tools. Uncover how threat intelligence and supply-chain monitoring fight this hidden threat. 🌐 Explore the write-u
@PurpleOps_io
2 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
31 Oct 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Discover how CVE-2024-3094 silently compromised SSH across major Linux systems and learn how to defend with real threat intel and supply chain monitoring. 📖 Check
@PurpleOps_io
19 Oct 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
14 Oct 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 𝐅𝐫𝐞𝐬𝐡 𝐂𝐕𝐄 𝐚𝐥𝐞𝐫𝐭 𝐣𝐮𝐬𝐭 𝐢𝐧! Learn how CVE-2024-3094 silently compromised XZ Utils in a high-stakes supply-chain backdoor threat-and what your team must do now. 🔗 Read the full breakdown → https://t.co/7GfWiDlpVk Jo
@PurpleOps_io
5 Oct 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
27 Sept 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
9 Sept 2025
140 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
23 Aug 2025
156 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
35+ Docker Hub images still have XZ-Utils backdoor (CVE-2024-3094), letting attackers bypass SSH auth & run commands as root. Debian keeps backdoored images for archival reasons. Check containers for XZ-Utils 5.6.2+ to avoid this risk in CI/CD pipelines. #Cyber
@bigmacd16684
20 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2024年3月に発覚したXZ-Utilsのバッグドア(CVE-2024-3094)が、少なくとも35個のDocker Hub上のイメージに残存している。Binarly社報告。提供元のうちの1つはDebianだが、Debianはリスクは低いとしてイメージは非公開にはし
@__kokumoto
12 Aug 2025
1116 Impressions
3 Retweets
8 Likes
2 Bookmarks
0 Replies
1 Quote
【サプライチェーン攻撃の残存】2024年3月に発見されたXZ-Utilsバックドア(CVE-2024-3094)が、Docker
@nakajimeeee
12 Aug 2025
347 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
The XZ-Utils backdoor (CVE-2024-3094) still exists in many Linux images on Docker Hub, including Debian’s, enabling root access via SSH bypass. Upgrade to version 5.6 to mitigate risk. #DockerSecurity #LinuxImages #Debian https://t.co/4hS7y4nTLO
@TweetThreatNews
12 Aug 2025
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ What is the #xz utilz impact? @Josh Bressers, our VP of Security, deep dives on CVE-2024-3094 and what to do today: https://t.co/mkCUEv3kZx #opensource https://t.co/0US6CoGGTD
@anchore
9 Aug 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
6 Aug 2025
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
20 Jul 2025
177 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
3 Jul 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
16 Jun 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
30 May 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
13 May 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
26 Apr 2025
71 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
9 Apr 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ What is the #xz utilz impact? @Josh Bressers, our VP of Security, deep dives on CVE-2024-3094 and what to do today: https://t.co/mkCUEv3kZx #opensource https://t.co/vFqMqD7Lku
@anchore
29 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to http
@jrfetzer
23 Mar 2025
98 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
6 Mar 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
17 Feb 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
1 Feb 2025
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The #xz (CVE-2024-3094) is a perfect example of a #supplychainattack. We have a short explainer on the blog on how our Anchore Enterprise customers and OSS #Syft users can immediately report on it. https://t.co/mkCUEv3kZx https://t.co/QLApGPAq82
@anchore
27 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Link] XZ Utils backdoor (CVE-2024-3094) 解説 #Linux - Qiita>https://t.co/lT0sY4mhLf
@tech_wiki
20 Jan 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
XZ Utils backdoor (CVE-2024-3094) 解説 https://t.co/QuypsIy8am #Qiita
@kk0128_
19 Jan 2025
426 Impressions
0 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
16 Jan 2025
126 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
5 Jan 2025
73 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
for the XZ utils backdoor (CVE-2024-3094) and its detection, respectively. Iconic duo. - suddenly execs started caring about supply chain - never underestimate a Microsoft engineer troubleshooting with valgrind
@byt3n33dl3
1 Jan 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-49128 2 - CVE-2024-21182 3 - CVE-2024-3094 4 - CVE-2024-12744 5 - CVE-2024-38472 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Jan 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2024 Person of the year goes to “Jia Tan” and @AndresFreundTec for the XZ utils backdoor (CVE-2024-3094) and its detection, respectively. Iconic duo. - suddenly execs started caring about supply chain - never underestimate a Microsoft engineer troubleshooting with valgrind
@IceSolst
31 Dec 2024
11647 Impressions
18 Retweets
131 Likes
20 Bookmarks
4 Replies
1 Quote
⚠️ What is the #xz utilz impact? @Josh Bressers, our VP of Security, deep dives on CVE-2024-3094 and what to do today: https://t.co/mkCUEv3kZx #opensource https://t.co/z7CGtnIXgh
@anchore
30 Dec 2024
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
See how SentinelOne Singularity XDR tackles the xz backdoor (CVE-2024-3094), discovered March 29, 2024, affecting Linux's xz libraries. Key Points: Targets Debian, Fedora via SSH daemon/liblzma Exploits OSS supply chain vulnerabilities Shows even open-source isn't immune to… htt
@jrfetzer
18 Dec 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The #xz (CVE-2024-3094) is a perfect example of a #supplychainattack. We have a short explainer on the blog on how our Anchore Enterprise customers and OSS #Syft users can immediately report on it. https://t.co/mkCUEv3kZx https://t.co/90U4bCSFZJ
@anchore
8 Dec 2024
47 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-3094
@transilienceai
21 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73F1DAD7-F362-4C5B-B980-2E5313C369DA"
},
{
"criteria": "cpe:2.3:a:tukaani:xz:5.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55782A0B-B9C5-4536-A885-84CAB7029C09"
}
],
"operator": "OR"
}
]
}
]