The cybersecurity distribution Kali Linux has released its 2025.3 version, a quarterly update that continues the project’s steady development. This release brings significant changes: a revamped VM creation process with Vagrant, the return of Nexmon support (monitor mode and packet injection) for the built-in Wi-Fi on Raspberry Pi, the addition of 10 new tools, and major improvements to Kali NetHunter, the mobile edition. The team also announced the end of ARMel support, updates to packages and documentation, more mirrors for downloads, and a sixfold bandwidth increase at the central mirror, speeding up package distribution worldwide.
Below is a practical, humanized summary of the most relevant highlights in Kali 2025.3.
Vagrant rebuilt: out with Packer in this flow, in with DebOS
Kali has long relied on two HashiCorp products that complement each other:
- Packer: automates VM image creation for multiple platforms from a single configuration.
- Vagrant: builds and manages environments using those VMs.
Until now, Kali generated Vagrant VMs from Packer builds. It worked, but was not ideal for their infrastructure (for instance, building Hyper-V images from Linux). With 2025.3, the process has been reengineered to simplify and unify platform builds:
- Preseed examples for automation have been updated and made consistent.
- Packer build-scripts upgraded to v2 standards.
- VM scripts revised; Vagrant images now come from the same VM build framework, with tweaks folded into the existing scripts.
The rationale and details are explained in the post “Kali Vagrant Rebuilt: Out With Packer, In With DebOS”: the goal is to reduce friction, improve reproducibility, and eliminate bottlenecks when generating images for multiple hypervisors.
Nexmon returns: monitor and injection mode on Raspberry Pi’s built-in Wi-Fi
Nexmon is a “patched” firmware for certain Broadcom and Cypress chipsets, enabling:
- Monitor mode: sniff packets without joining an AP.
- Injection: send raw, custom frames for advanced testing.
In 2025.1, Kali had to rework its Raspberry Pi kernel packaging. Now, with 2025.3, Nexmon is back, and it supports the Raspberry Pi 5 as well. This means Raspberry Pi devices can once again sniff and inject packets with their onboard Wi-Fi, without needing external adapters. Nexmon is not limited to Pis—other devices with compatible chipsets can benefit too.
For educators and pentesters, this is a key usability gain: fewer dongles, more portability for labs and demos.
Goodbye ARMel
Kali is dropping ARMel (Acorn RISC Machine, little-endian) support, following Debian’s lead. Debian “trixie” 13 will be the last release to support it, and Debian testing (Kali’s base) no longer builds ARMel packages.
This affects only a few legacy devices:
- Raspberry Pi 1
- Raspberry Pi Zero W
- ODROID-W (already end-of-life)
Maintaining ARMel consumed disproportionate resources for a very limited user base. The team prefers to invest efforts into RISC-V and more impactful architectures.
More flexible VPN-IP plugin for Xfce
The VPN-IP panel plugin introduced in Kali 2024.1 now supports selecting which interface to monitor, instead of only showing the first VPN connection. Users can configure it via the plugin’s preferences dialog.
Ten new tools added
Kali wouldn’t be Kali without new toys. Version 2025.3 brings 10 new tools to the repositories (and many updates):
- Caido (GUI client) – web security auditing toolkit.
- caido-cli (server) – backend for Caido.
- Detect It Easy (DiE) – file type and packer identification.
- Gemini CLI – open-source AI agent bringing Gemini to your terminal.
- krbrelayx – Kerberos relay and unconstrained delegation abuse.
- ligolo-mp – “multiplayer” pivoting tool.
- llm-tools-nmap – lets LLMs run nmap discovery/scans.
- mcp-kali-server – MCP server config to connect AI agents with Kali.
- patchleaks – detects and explains security patches in diffs.
- vwifi-dkms – create dummy Wi-Fi networks for simulation.
Note: the team hinted that in 2025.4 the default metapackage (kali-linux-default) may change tool selection.
NetHunter highlights: Galaxy S10 as budget Wi-Fi device, CARsenal rewritten
Kali’s mobile edition NetHunter gets major updates:
New affordable device for Wi-Fi monitor+injection
After years without a successor to the Nexus 5, the team confirmed the Samsung Galaxy S10 now supports internal Wi-Fi monitor+injection at 2.4 and 5 GHz. This required collaboration:
- Nexmon patched the Broadcom firmware.
- @V0lk3n ported the NetHunter kernel.
- @yesimxev published Hijacker arm64 to prevent crashes.
CARsenal fully refactored
The automotive hacking toolkit CARsenal has been restructured with:
- Settings moved to menu bar.
- New RFComm Connect service.
- Caring Caribou fully integrated (except DOIP, planned for 2025.4).
- ICSim renamed to Simulator, with UDSim added; now supports floating window mode.
- New MSF tab for Metasploit automotive modules.
- UI refresh, updated libraries, bugfixes, new docs, and CAN kernel support on OnePlus 6 (LineageOS 22.2).
The team stresses: never test on your daily driver car—only in safe, controlled environments.
Other NetHunter changes
- Kernel modules can now be installed via Magisk (experimental).
- Fixed boot animation.
- API support extended to 21–34+.
- Updated BusyBox, Gradle, libraries, and fragments (Audio, GPS).
- Deprecated AsyncTask replaced by Executer (better threading).
- More bugfixes and database updates (WPS, templates).
Playground experiments
The devs even demoed a car radio airspace visualizer using NetHunter + RTL-SDR, plus a Bad Bluetooth Attack against a smartwatch/tablet combo.
ARM improvements
For Raspberry Pi and other SBCs:
- Fixed issue where kernels didn’t always update.
- Recommended image is now arm64, which also works on Raspberry Pi 5.
- Pi 2 remains 32-bit only (armhf).
Faster mirrors and new servers
Kali’s tier-0 mirror (archive.kali.org) got a major boost: from 500 Mb/s to 3 Gb/s, a sixfold increase. This speeds up syncs and package distribution.
New mirrors added this cycle:
- Asia: Nanjing University, Nanyang Institute of Tech, Tsinghua University (China); Tefexia (Japan); Jeonnam School and zzuniMirror (South Korea).
- IONOS: new servers in Germany and the US.
Documentation and blog updates
Documentation updated:
- Installing Docker on Kali (updated).
- Resolving APT key expiration errors (new).
- Packaging setup guide (updated).
- Resetting BloodHound admin password (updated).
Recent blog posts:
- Raspberry Pi’s Wi-Fi Glow-Up.
- Kali Linux & Containerization (Apple).
- Kali Vagrant Rebuilt: Out With Packer, In With DebOS.
Community credits: @Arszilla, @Chris Patterson, @Eko Wibowo, @Funeoz, @hinoshiba, @IAmNewbie99, @serval.
Getting Kali 2025.3
- Fresh images available now.
- Weekly builds for those who want the very latest packages (less QA, more cutting-edge).
Existing installs can update with:
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt -y full-upgrade
cp -vrbi /etc/skel/. ~/
[ -f /var/run/reboot-required ] && sudo reboot -f
Code language: PHP (php)Check version:
grep VERSION /etc/os-release
uname -v
uname -r
Final thoughts: why 2025.3 matters
Three takeaways from this release:
- Cleaner workflows with Vagrant → fewer build headaches, more reproducibility.
- Hardware autonomy: Nexmon on Raspberry Pi and the Galaxy S10 lower entry barriers for Wi-Fi auditing without extra dongles.
- AI integration: Gemini CLI and LLM-related tools hint at responsibly embedding AI into auditing workflows.
Kali 2025.3 doesn’t reinvent the distro, but it polishes, restores, and extends key functionality. It’s a maturity release with very practical benefits for daily users.
FAQs
How do I enable monitor and injection mode on Raspberry Pi with Kali 2025.3?
Update to 2025.3, install Nexmon firmware for your Pi model (including Pi 5), and load the patched drivers. Then use tools like airmon-ng or iw to activate monitor mode and injection.
What changed in Vagrant VM creation in this release?
Kali no longer builds Vagrant VMs directly from Packer. Instead, it uses the standard VM scripts, updated to v2, which results in more consistent and reproducible builds.
Which new tools stand out for penetration testers?
Caido (web auditing), krbrelayx (Kerberos abuse), ligolo-mp (pivoting), and patchleaks (patch diff analysis). For AI-driven workflows, Gemini CLI and llm-tools-nmap are notable.
How can I upgrade to Kali Linux 2025.3 and verify the version?
Run apt update && full-upgrade, reboot if prompted, then confirm with grep VERSION /etc/os-release. Kernel info can be checked with uname -v and uname -r.
vía: kali.org
