Versioni attuali

Version Lifecycle-Status Patch-Level
OPENVAS SCAN 25.0 New 25.0.5 (2026-06-26)
OPENVAS SCAN 24.10 Mature 24.10.11 (2026-02-19)
OPENVAS OS 1.0 New 1.0.7 (2026-02-04)

Rimani sempre un passo avanti con OPENVAS.

Ricevi le innovazioni, i miglioramenti e gli aggiornamenti più importanti di Greenbone direttamente nella tua casella di posta elettronica. Iscriviti alla nostra newsletter sui prodotti e seleziona semplicemente gli argomenti che ti interessano nel modulo.

Changelog

2025-12-19: OPENVAS SCAN 25.0

Current Patch Level: 25.0.5 (2026-06-26)

Lifecycle Status: New

Note: Upgrading to this version requires a system restart. To ensure that all improvements and fixes take effect, you may need to reload the web interface or clear its cache.

25.0.5 (2026-06-26):

  • Greenbone OS:
    • Improvement: a new configuration option for the timeout of HTTP requests, such as report downloads, has been added. The menu Setup > Services > HTTPS > Timeout was reworked and renamed to Session Timeout to to avoid any confusion with the new menu Setup > Services > HTTPS > Request Timeout (#GOS-3121, #GOS-3135).
    • Improvement: the size of the backup partition was increased to 60 GB for the appliance models OPENVAS SCAN 6500 R2, OPENVAS SCAN 6500, OPENVAS SCAN 5400 R2, OPENVAS SCAN 5400, OPENVAS SCAN 650 R2, OPENVAS SCAN 600 R2, OPENVAS SCAN 450 R2, OPENVAS SCAN 400 R2, OPENVAS SCAN 150 R2, OPENVAS SCAN MSP, OPENVAS SCAN EXA, OPENVAS SCAN PETA, OPENVAS SCAN TERA, OPENVAS SCAN DECA, OPENVAS SCAN CENO and OPENVAS BASIC (#GOS-3091).
    • Improvement: the size of the database partition was increased to 80 GB for the appliance models OPENVAS SCAN 150 R2, OPENVAS SCAN CENO, OPENVAS SCAN ONE, OPENVAS BASIC and OPENVAS FREE (#GOS-3081).
    • Security fix: the Linux kernel has been upgraded from version 6.12.74-greenbone1 to version 6.12.90-greenbone1 for hardware appliances and from version 6.12.74-2 to version 6.12.90-2 for virtual appliances (CVE-2026-23171, CVE-2026-43503, CVE-2026-46300, CVE-2026-43494, CVE-2025-38584, CVE-2026-23468, CVE-2026-31419, CVE-2026-31709, CVE-2026-31715, CVE-2026-43284, CVE-2026-43500, CVE-2025-38584, CVE-2026-23468, CVE-2026-31419, CVE-2026-31709, CVE-2026-31715, CVE-2026-43284, CVE-2026-43500, CVE-2024-14027, CVE-2025-21709, CVE-2025-22116, CVE-2025-22117, CVE-2025-38426, CVE-2025-38627, CVE-2025-39764, CVE-2025-40005, CVE-2025-40135, CVE-2025-40147, CVE-2025-40150, CVE-2025-40219, CVE-2025-68175, CVE-2025-68239, CVE-2025-68334, CVE-2025-68736, CVE-2025-71152, CVE-2025-71161, CVE-2025-71221, CVE-2025-71239, CVE-2025-71265, CVE-2025-71266, CVE-2025-71267, CVE-2025-71269, CVE-2026-22981, CVE-2026-22985, CVE-2026-22986, CVE-2026-22993, CVE-2026-23004, CVE-2026-23066, CVE-2026-23070, CVE-2026-23104, CVE-2026-23138, CVE-2026-23157, CVE-2026-23207, CVE-2026-23210, CVE-2026-23226, CVE-2026-23227, CVE-2026-23231, CVE-2026-23239, CVE-2026-23240, CVE-2026-23242, CVE-2026-23243, CVE-2026-23244, CVE-2026-23245, CVE-2026-23246, CVE-2026-23249, CVE-2026-23250, CVE-2026-23251, CVE-2026-23252, CVE-2026-23253, CVE-2026-23255, CVE-2026-23270, CVE-2026-23271, CVE-2026-23273, CVE-2026-23274, CVE-2026-23276, CVE-2026-23277, CVE-2026-23278, CVE-2026-23279, CVE-2026-23281, CVE-2026-23284, CVE-2026-23285, CVE-2026-23286, CVE-2026-23287, CVE-2026-23289, CVE-2026-23290, CVE-2026-23291, CVE-2026-23292, CVE-2026-23293, CVE-2026-23296, CVE-2026-23297, CVE-2026-23298, CVE-2026-23300, CVE-2026-23302, CVE-2026-23303, CVE-2026-23304, CVE-2026-23306, CVE-2026-23307, CVE-2026-23308, CVE-2026-23310, CVE-2026-23312, CVE-2026-23313, CVE-2026-23315, CVE-2026-23316, CVE-2026-23317, CVE-2026-23318, CVE-2026-23319, CVE-2026-23321, CVE-2026-23324, CVE-2026-23325, CVE-2026-23330, CVE-2026-23334, CVE-2026-23335, CVE-2026-23336, CVE-2026-23339, CVE-2026-23340, CVE-2026-23343, CVE-2026-23347, CVE-2026-23351, CVE-2026-23352, CVE-2026-23354, CVE-2026-23356, CVE-2026-23357, CVE-2026-23359, CVE-2026-23360, CVE-2026-23361, CVE-2026-23362, CVE-2026-23363, CVE-2026-23364, CVE-2026-23365, CVE-2026-23367, CVE-2026-23368, CVE-2026-23369, CVE-2026-23370, CVE-2026-23372, CVE-2026-23373, CVE-2026-23374, CVE-2026-23375, CVE-2026-23378, CVE-2026-23379, CVE-2026-23380, CVE-2026-23381, CVE-2026-23382, CVE-2026-23383, CVE-2026-23386, CVE-2026-23387, CVE-2026-23388, CVE-2026-23389, CVE-2026-23391, CVE-2026-23392, CVE-2026-23393, CVE-2026-23395, CVE-2026-23396, CVE-2026-23397, CVE-2026-23398, CVE-2026-23399, CVE-2026-23401, CVE-2026-23412, CVE-2026-23413, CVE-2026-23414, CVE-2026-23417, CVE-2026-23419, CVE-2026-23420, CVE-2026-23422, CVE-2026-23426, CVE-2026-23427, CVE-2026-23428, CVE-2026-23434, CVE-2026-23438, CVE-2026-23439, CVE-2026-23440, CVE-2026-23441, CVE-2026-23442, CVE-2026-23444, CVE-2026-23445, CVE-2026-23446, CVE-2026-23447, CVE-2026-23448, CVE-2026-23449, CVE-2026-23450, CVE-2026-23452, CVE-2026-23454, CVE-2026-23455, CVE-2026-23456, CVE-2026-23457, CVE-2026-23458, CVE-2026-23460, CVE-2026-23461, CVE-2026-23462, CVE-2026-23463, CVE-2026-23464, CVE-2026-23465, CVE-2026-23466, CVE-2026-23470, CVE-2026-23474, CVE-2026-23475, CVE-2026-31389, CVE-2026-31391, CVE-2026-31392, CVE-2026-31393, CVE-2026-31394, CVE-2026-31396, CVE-2026-31399, CVE-2026-31400, CVE-2026-31401, CVE-2026-31402, CVE-2026-31403, CVE-2026-31405, CVE-2026-31406, CVE-2026-31407, CVE-2026-31408, CVE-2026-31409, CVE-2026-31410, CVE-2026-31411, CVE-2026-31412, CVE-2026-31414, CVE-2026-31415, CVE-2026-31416, CVE-2026-31417, CVE-2026-31418, CVE-2026-31421, CVE-2026-31422, CVE-2026-31423, CVE-2026-31424, CVE-2026-31425, CVE-2026-31426, CVE-2026-31427, CVE-2026-31428, CVE-2026-31429, CVE-2026-31430, CVE-2026-31431, CVE-2026-31432, CVE-2026-31433, CVE-2026-31434, CVE-2026-31436, CVE-2026-31438, CVE-2026-31439, CVE-2026-31440, CVE-2026-31441, CVE-2026-31446, CVE-2026-31447, CVE-2026-31448, CVE-2026-31449, CVE-2026-31450, CVE-2026-31451, CVE-2026-31452, CVE-2026-31453, CVE-2026-31454, CVE-2026-31455, CVE-2026-31458, CVE-2026-31462, CVE-2026-31464, CVE-2026-31466, CVE-2026-31467, CVE-2026-31469, CVE-2026-31470, CVE-2026-31473, CVE-2026-31474, CVE-2026-31476, CVE-2026-31477, CVE-2026-31478, CVE-2026-31479, CVE-2026-31480, CVE-2026-31482, CVE-2026-31483, CVE-2026-31485, CVE-2026-31487, CVE-2026-31488, CVE-2026-31489, CVE-2026-31492, CVE-2026-31494, CVE-2026-31495, CVE-2026-31496, CVE-2026-31497, CVE-2026-31498, CVE-2026-31500, CVE-2026-31502, CVE-2026-31503, CVE-2026-31504, CVE-2026-31505, CVE-2026-31506, CVE-2026-31507, CVE-2026-31508, CVE-2026-31509, CVE-2026-31510, CVE-2026-31511, CVE-2026-31512, CVE-2026-31515, CVE-2026-31516, CVE-2026-31518, CVE-2026-31519, CVE-2026-31520, CVE-2026-31521, CVE-2026-31522, CVE-2026-31523, CVE-2026-31524, CVE-2026-31525, CVE-2026-31527, CVE-2026-31528, CVE-2026-31530, CVE-2026-31531, CVE-2026-31532, CVE-2026-31533, CVE-2026-31540, CVE-2026-31542, CVE-2026-31545, CVE-2026-31546, CVE-2026-31548, CVE-2026-31549, CVE-2026-31550, CVE-2026-31551, CVE-2026-31552, CVE-2026-31554, CVE-2026-31555, CVE-2026-31556, CVE-2026-31557, CVE-2026-31558, CVE-2026-31559, CVE-2026-31561, CVE-2026-31563, CVE-2026-31565, CVE-2026-31566, CVE-2026-31570, CVE-2026-31575, CVE-2026-31576, CVE-2026-31577, CVE-2026-31578, CVE-2026-31580, CVE-2026-31581, CVE-2026-31582, CVE-2026-31583, CVE-2026-31584, CVE-2026-31585, CVE-2026-31586, CVE-2026-31587, CVE-2026-31588, CVE-2026-31590, CVE-2026-31593, CVE-2026-31594, CVE-2026-31595, CVE-2026-31596, CVE-2026-31597, CVE-2026-31598, CVE-2026-31599, CVE-2026-31602, CVE-2026-31603, CVE-2026-31604, CVE-2026-31605, CVE-2026-31606, CVE-2026-31607, CVE-2026-31610, CVE-2026-31611, CVE-2026-31612, CVE-2026-31614, CVE-2026-31615, CVE-2026-31616, CVE-2026-31617, CVE-2026-31618, CVE-2026-31619, CVE-2026-31622, CVE-2026-31623, CVE-2026-31624, CVE-2026-31625, CVE-2026-31626, CVE-2026-31627, CVE-2026-31628, CVE-2026-31629, CVE-2026-31634, CVE-2026-31637, CVE-2026-31638, CVE-2026-31639, CVE-2026-31642, CVE-2026-31644, CVE-2026-31645, CVE-2026-31646, CVE-2026-31647, CVE-2026-31648, CVE-2026-31649, CVE-2026-31651, CVE-2026-31655, CVE-2026-31656, CVE-2026-31657, CVE-2026-31658, CVE-2026-31659, CVE-2026-31660, CVE-2026-31661, CVE-2026-31662, CVE-2026-31664, CVE-2026-31665, CVE-2026-31666, CVE-2026-31667, CVE-2026-31668, CVE-2026-31669, CVE-2026-31670, CVE-2026-31671, CVE-2026-31672, CVE-2026-31673, CVE-2026-31674, CVE-2026-31675, CVE-2026-31676, CVE-2026-31677, CVE-2026-31678, CVE-2026-31679, CVE-2026-31680, CVE-2026-31681, CVE-2026-31682, CVE-2026-31683, CVE-2026-31684, CVE-2026-31685, CVE-2026-31686, CVE-2026-31689, CVE-2026-31693, CVE-2026-31786, CVE-2026-31787, CVE-2026-31788, CVE-2026-31499, CVE-2026-43088, CVE-2026-43109, CVE-2026-43220, CVE-2026-43490, CVE-2026-46333).
    • Security fix: the included package openssl was upgraded from version 3.5.5-1~deb13u2 to version 3.5.6-1~deb13u2 (CVE-2026-34180, CVE-2026-34182, CVE-2026-42766, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447, CVE-2026-7383, CVE-2026-9076).
    • Security fix: the included package libgnutls was upgraded from version 3.8.9-3+deb13u2 to version 3.8.9-3+deb13u4 (CVE-2026-33845, CVE-2026-33846, CVE-2026-3833, CVE-2026-42009, CVE-2026-42010, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013, CVE-2026-42014, CVE-2026-42015, CVE-2026-5260, CVE-2026-5419).
    • Security fix: the included package nginx was upgraded from version 1.30.0-1~bookworm to version 1.30.2-1~bookworm (CVE-2026-40701, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946, CVE-2026-9256).
    • Security fix: the included package libgcrypt20 was upgraded from version 1.11.0-7 to version 1.11.0-7+deb13u1 (CVE-2026-41989).
    • Security fix: the included package krb5 was upgraded from version 1.21.3-5 to version 1.21.3-5+deb13u1 (CVE-2026-40355, CVE-2026-40356).
    • Security fix: the included package samba was upgraded from version 2:4.22.8+dfsg-0+deb13u1 to version 2:4.22.8+dfsg-0+deb13u2 (CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480).
    • Security fix: the included package openvpn was upgraded from version 2.6.14-1+deb13u1 to version 2.6.14-1+deb13u2 (CVE-2026-35058, CVE-2026-40215).
    • Security fix: the included package rsync was upgraded from version 3.4.1+ds1-5+deb13u1 to version 3.4.1+ds1-5+deb13u3 (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620).
    • Security fix: the included package postgresql-17 was upgraded from version 17.9-0+deb13u1 to version 17.10-0+deb13u1 (CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637, CVE-2026-638).
    • Security fix: the included package redis was upgraded from version 5:8.0.2-3+deb13u1 to version 5:8.0.2-3+deb13u2 (CVE-2025-67733, CVE-2026-21863).
    • Security fix: the included package dnsmasq was upgraded from version 2.91-1 to version 2.91-1+deb13u1 (CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172).
    • Security fix: the included package sudo was upgraded from version 1.9.16p2-3+deb13u1 to version 1.9.16p2-3+deb13u2 (CVE-2026-35535).
    • Bug fix: an error was fixed where the authorized_key.sh integrity check could fail after a GOS upgrade (#GOS-3084).
    • Bug fix: an error was fixed where importing a beaming image could fail if the network interfaces eth0 or mgmt0 were not configured (#GOS-3067, #GS-10085, #GS-10212).
    • Bug fix: an error was fixed where the logs displayed a message stating that a feed update was in progress, although this was not actually the case (#GOS-3078, #GS-10193).
    • Bug fix: an error was fixed where selecting the menu item SFTP Master Host Keys caused the GOS administration menu to crash (#GOS-3103).
    • Bug fix: an error was fixed where the admin user was not able to use the command ping in the GOS shell (#GOS-3088).
    • Bug fix: an error was fixed where the gsad web server was not started with the --secure-cookie parameter, if a HTTPS certificate was generated for the first time (#GOS-3157).
    • Bug fix: an error was fixed where the web interface was no longer reachable after enabling the agent-based scanning feature (#GOS-3098).
    • Bug fix: an error was fixed where some services, for example openvasd and management-console-connector, only logged numbers in a support package (#GOS-3082).
    • Bug fix: an error was fixed where it was not possible to use gvm-cli in SSH mode without interaction when remotely managing an appliance via OPENVAS SECURITY INTELLIGENCE (#GOS-3038).
  • Vulnerability management:
    • Extension: agent-based scanning is now available on the appliance models OPENVAS SCAN G90, OPENVAS SCAN G30, OPENVAS SCAN G10 und OPENVAS SCAN VIRTUAL (#GEA-1465).
    • Improvement: agent-based scanning can now be used in master-sensor setups (#ANT-625).
    • Improvement: the gvm-tools suite was updated to version 26.0.6 and the python-gvm library was updated to version 27.3.1 (#PR-1922).
    • Bug fix: an error was fixed where report details pages would be continually refreshed even if the related scan tasks were done (#GEA-1764).
    • Minor improvement: the included appliance manual has been updated to the current version from 2026-06-19 (#PR-1885).
  • Vulnerability scanning:
    • Improvement: if a container image scan fails to connect to a container registry, the connection will now be reattempted three times before aborting the scan (#SC-1607).
    • Security fix: an issue was fixed where it was possible to overwrite arbitrary files when running a container image scan against a malicious container registry (#SC-1628).
    • Bug fix: an error was fixed where container image scans were stuck in the status Requested or at 0 % when the container registry was unavailable (#SC-1607).
    • Bug fix: an error was fixed where Notus-based scan results were limited to a maximum of 100 vulnerable packages each (#SC-1613).
    • Bug fix: an error was fixed where the Kerberos credential cache (ccache) was not used (#SC-1509).

Current Patch Level: 25.0.4 (2026-04-21)

Lifecycle Status: New

25.0.4 (2026-04-21):

  • Greenbone OS:
    • Security fix: the included package openssh was upgraded from version 1:10.0p1-7+deb13u1 to version 1:10.0p1-7+deb13u2 (CVE-2026-3497).
    • Security fix: the included package openssl was upgraded from version 3.5.5-1~deb13u1 to version 3.5.5-1~deb13u2 (CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790).
    • Bug fix: an error was fixed where the joint upgrade of master-sensor appliance setups could fail (#GOS-3069, #GOS-3072, #GS-10160).
    • Minor bug fix: an error was fixed where a dialog for configuring the remote management by OPENVAS SECURITY INTELLIGENCE referred to an outdated product name (#GOS-2968).
  • Vulnerability management:
    • Improvement: the gvm-tools suite was updated to version 26.0.0 and the python-gvm library was updated to version 27.0.1 (#PR-1846).
    • Minor improvement: the included appliance manual has been updated to the current version from 2026-04-14 (#PR-1843).

25.0.3 (2026-04-08):

Note: An upgrade to this version requires a reboot of the system.

  • Greenbone OS:
    • Improvement: the RAM limit of the appliance model OPENVAS FREE was increased from 4 GB to 12 GB (#GOS-2949).
    • Improvement: the number of configurable network routes on the appliance models OPENVAS SCAN VIRTUAL and OPENVAS SCAN MSP has been increased from 8 to 1000 (#GOS-3017).
    • Security fix: the write permissions for the file /usr/sbin/openvas were further restricted to prevent potential privilege escalation attacks (#GOS-2899).
    • Security fix: the Linux kernel was upgraded from version 6.12.73-1 to version 6.12.74-2 for virtual appliances. Hardware appliances are not affected by the vulnerabilities (CVE-2025-71238, CVE-2026-23100, CVE-2026-23221, CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237, CVE-2026-23238).
    • Bug fix: an error was fixed where the download of the OPENVAS COMMUNITY FEED failed (#GOS-2936).
    • Bug fix: an error was fixed where the switch release to GOS 25.0 could fail, if it was reattempted after a previous failure had been fixed (#GOS-3029).
    • Bug fix: an error was fixed where it was not possible to trigger upgrades on sensors via the GOS menu of the master (#GOS-3056).
    • Bug fix: an error was fixed where the hostkey integrity check failed unexpectedly after a GOS upgrade (#GOS-2954, #GS-9788, #GS-10044).
    • Bug fix: an error was fixed where closing the GOS menu in an unsupported way would cause the GOS menu to crash on the next login (#GOS-2983).
    • Bug fix: an error was fixed where generating a support package could fail if no log messages existed (#GOS-3048, #GS-10044).
    • Minor bug fix: an error was fixed where vulnerability scans erroneously showed that hardware appliances were affected by the “VMScape” vulnerability (#GOS-2948).
    • Minor bug fix: an error was fixed where the logging of the gsad web server could stop (#GOS-3028).
    • Minor bug fix: an error was fixed where the erroneous string “APPLIANCE_NAME” was displayed in the GOS selfcheck (#GOS-2964).
  • Vulnerability management:
    • Improvement: the gvm-tools suite was updated to version 25.4.9 and the python-gvm library was updated to version 26.11.1 (#PR-1834).
    • Minor improvement: the included appliance manual has been updated to the current version from 2026-04-02 (#PR-1819).
    • Minor bug fix: an error was fixed where special characters were not displayed correctly in notifications and dialog titles in the web interface (#GEA-1440).
  • Vulnerability scanning:
    • Bug fix: an issue was fixed where the version comparison of RPM packages could be incorrect (#SC-1572, #GS-9657).

25.0.2 (2026-03-05):

Note: An upgrade to this version requires a reboot of the system.

  • Greenbone OS:
    • Improvement: it is now possible to define the content included in a support package. The three main options are “complete”, “moderate” (same as “complete” but without passwords”), and “strict” (same as “moderate” but without network information). The default is “strict”. In addition, it is now possible to select which system modules should be taken into account  when generating a support package (#GOS-827).
    • Improvement: the gsad option --http-only is now enabled and the gsad option --secure-cookie disabled when no HTTPS certificate exists. This makes it possible to use the web interface without an HTTPS certificate again. However, the use of an HTTPS certificate is still strongly recommended (#GOS-2880, #GOS-2959).
    • Improvement: FTP airgap master mode was enabled for the appliance model OPENVAS SCAN VIRTUAL (#GOS-2883, #PP-622).
    • Bug fix: an error was fixed where the dialog that is shown after upgrading from GOS 24.10 to GOS 25.0 still pointed to the GOS 24.10 user manual (#GOS-2927).
  • Vulnerability management:
    • Major bug fix: an error was fixed where a change to certain time zones caused gvmd to crash and rendered most vulnerability management components unusable (#GEA-1600, #GEA-1568, #GS-9723).
    • Major bug fix: an error was fixed where the dialog did not show any VTs when editing VT families in scan configurations (#GEA-1553, #GS-9707, #GS-9712, #GS-9753, #GS-9829).
    • Improvement: a button for creating a container image target directly from the container image task dialog has been added (#GEA-1571).
    • Improvement: the gvm-tools suite was updated to version 25.4.7 and the python-gvm library was updated to version 26.10.1 (#PR-1834).
    • Bug fix: an error was fixed where the status of an import task was set to “Interrupted” after reports have been uploaded (#GEA-1521).
    • Bug fix: an error was fixed where the start time set for a schedule was saved with a one-hour deduction (#GEA-1466, #GEA-1567).
    • Bug fix: an error was fixed where host or operating system objects could not be exported (#GEA-1559, #GEA-1564, #GS-9584, #GS-9607).
    • Bug fix: an error was fixed where filters for host objects could were not created as expected (#GEA-1526, #GS-9520, #GS-9729).
    • Minor improvement: the included appliance manual has been updated to the current version from 2026-02-24 (#PR-1761).
  • Vulnerability scanning:
    • Bug fix: an error was fixed where the openvas-scanner logs claimed that the response could not be processed, if a Notus scan did not return any results (#SC-1559).
    • Security fix: several potential issues where the scanner’s NASL processing lacked integer overflow checks were fixed (#SC-1537).

25.0.1 (2026-02-02):

Note: An upgrade to this version requires a reboot of the system.

  • Greenbone OS:
    • Bug fix: an error was fixed where the GOS administration menu crashed when trying to upload a beaming image (#GOS-2720).
    • Bug fix: an error was fixed where no error message in the self-check was displayed when the remote backup server disk was full (#GOS-2651, #GS-9288).
  • Vulnerability management:
    • Improvement: the option to exclude container images from a container image scan was added (#GEA-1515).
    • Improvement: the option to pause and resume container image scans was added (#GEA-1504).
    • Improvement: the target setting Order for target hosts was removed because it had no longer any effect. The order is always random (#GEA-1300, #SC-180).
    • Improvement: the gvm-tools suite was updated to version 25.4.5 and the python-gvm library was updated to version 26.9.1 (#PR-1834).
    • Security fix: a potential path traversal vulnerability when uploading custom report formats has been fixed (#GEA-1475).
    • Bug fix: an error was fixed where the critical results count was missing in the Hosts tab of a report (#GEA-1453).
    • Bug fix: an error was fixed where the error message “Given group_id was invalid” was displayed when trying to save the changes made in the Edit Group dialog (#GEA-1451, #GS-9335, #GS-9403, #GS-9525, #GS-9515).
    • Bug fix: an error was fixed where, instead of the dashboard, an error message was displayed on the Vulnerabilities page (#GEA-1362).
    • Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + SSH Key did not work (#GEA-1464, #GS-9359).
    • Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + Password did not work (#GEA-1516).
    • Bug fix: an error was fixed where the Port input box was incorrectly displayed in the dialog for creating or editing a scanner of the type Greenbone Sensor (#GEA-1473).
    • Bug fix: an error was fixed where the file name of a report was not displayed in the dialog when uploading the report to an import task (#GEA-1490, #GEA-1491).
    • Bug fix: an error was fixed where the pagination icons were missing on the Users page (#GEA-1323, #GS-9032, #GS-9195).
    • Bug fix: an error was fixed where the the edit dialog for a regular scan task was opened when trying to edit an import task (#GEA-1401).
    • Bug fix: an error was fixed where there was no default selection of a scanner type when creating a new scanner. The default type is now Greenbone Sensor (#GEA-1399).
    • Bug fix: an error was fixed where the dashboard display Next Scheduled Tasks on the Tasks page did not have any content (#GEA-1478).
    • Bug fix: an error was fixed where it was not possible to create tags for the resource types HostAuditAudit ReportOperating SystemCERT-Bund AdvisoryDFN-CERT Advisory, and Policy (#GEA-1425, #GS-9293).
    • Bug fix: an error was fixed where a loading indicator was permanently displayed instead of an error message when the import of a report format failed (#GEA-1471).
    • Bug fix: an error was fixed where no custom report formats could be imported (#GEA-1470).
    • Bug fix: an error was fixed where already existing certificates were not displayed for credentials of the type Client Certificate when editing the credentials (#GEA-1314).
    • Bug fix: an error was fixed where the installable packages of credentials of the types Username + Password and Username + SSH Key were not usable (#GEA-1495, #GS-9416, #GS-9604).
    • Bug fix: an error was fixed where there was no error message displayed when no Key Distribution Center (KDC) was specified for credentials of the type SMB (Kerberos) (#GEA-1486).
    • Bug fix: an error was fixed where critical results were not included in an exported delta report (#GEA-1492, #GS-9420).
    • Bug fix: an error was fixed where the message “Feed is currently syncing. Please wait while the feed is syncing.” was displayed on the web interface, even if the feed was not actually synchronizing (#GEA-1445, #GS-7870, #GS-8105, #GS-9251, #GS-9332).
    • Bug fix: an error was fixed where the input boxes for including and excluding hosts from a file where not visible when editing a target when a file was uploaded before (#GEA-1449).
    • Bug fix: an error was fixed where reports could not be exported in the report formats Vulnerability Report HTML and Vulnerability Report PDF (#GEA-1592, #GOS-2751).
    • Minor improvement: a new method of counting scanned assets has been introduced to support the new licensing model (#GEA-1438).
    • Minor improvement: the VT family Arch Linux Local Security Checks is no longer editable when creating or editing a scan configuration (#GEA-1375).
    • Minor improvement: the included appliance manual has been updated to the current version from 2026-01-21 (#PR-1688).
    • Minor improvement: tool tips were added for date/time entries in tables on the web interface (#GEA-1459).
    • Minor improvement: it is now possible to receive the private key’s fingerprint of credentials of the type Client Certificate via GMP (#GEA-1409).
    • Minor bug fix: an error was fixed where the error message displayed when editing an import task failed still used the old naming (#GEA-1406, #GEA-1402).
    • Minor bug fix: an error was fixed where the separators between alive tests methods on a target’s details page were missing (#GEA-1397).
    • Minor bug fix: an error was fixed where the old naming “container task” for an import task was still in use (#GEA-1402).
    • Minor bug fix: an spelling error was fixed in the dialog for creating or editing an alert (#GEA-1417).
    • Minor bug fix: an error was fixed where the icons for the wizard and for creating a new task did not have tool tips (#GEA-1411).
    • Minor bug fix: an error was fixed where the link to the audit on the details page of an audit report led to a wrong URL (#GEA-1389).
    • Minor bug fix: an error was fixed where it was not possible to create credentials of the type Username + SSH Key without a passphrase for the SSH key (#GEA-1403).
    • Minor bug fix: an error was fixed where the icons for resetting and removing the filter were missing in the filter bar of the Users page (#GEA-1463).
    • Minor bug fix: an error was fixed where the table functionalities Apply to selected and Apply to all filtered were not working on the Users page (#GEA-1463).
    • Minor bug fix: an error was fixed where gvmd could return an empty XML element (#GEA-1472).
  • Vulnerability scanning:
    • Major bug fix: an error was fixed where a segmentation fault could occur, causing scans to be interrupted, when the Notus scanner was used, but did not return any results (#SC-1529).

25.0.0 (2025-12-19):

Product Portfolio and New License Model

  • The new appliance model OPENVAS SCAN VIRTUAL was added. With its use, a new licensing model will be supported. Licensing will be converted to an asset-based model in the future. This means that the scope of the license will no longer be based on fixed device limits, as was previously the case, but on the number of assets to be analyzed.

Container Image Scanning

  • A new functionality for scanning container images was added for selected appliance models. For this, containers are loaded from one or more container registries defined by the user, the packages used for the container are identified and checked for vulnerabilities, and a report thereof is provided to the user.

Base System

  • With GOS 25.0, the underlying Linux foundation of GOS was updated to the latest version. This includes the addition of post-quantum cryptography (PQC) cryptographic algorithms.