Glibc Critical Vulnerability CVSS 98
Query
// https://cybersecuritynews.com/glibc-vulnerability/
// https://nvd.nist.gov/vuln/detail/CVE-2025-4802
DeviceFileEvents
| where TimeGenerated > ago(90d)
| where ActionType == "FileCreated"
| where FileName == "libc.so.6"Explanation
This KQL (Kusto Query Language) query is designed to search through a dataset called DeviceFileEvents. Here's a simple breakdown of what the query does:
-
Time Filter: It looks at events that have been generated in the last 90 days (
TimeGenerated > ago(90d)). -
Action Type: It filters these events to only include those where a file was created (
ActionType == "FileCreated"). -
File Name: It further narrows down the results to events where the file created is specifically named "libc.so.6" (
FileName == "libc.so.6").
In essence, this query is searching for instances in the past 90 days where a file named "libc.so.6" was created on devices, which could be relevant for investigating potential security vulnerabilities related to the GNU C Library (glibc), as indicated by the links to the vulnerability information.
Details

Steven Lim
Released: May 22, 2025
Tables
Keywords
Operators