Kali Linux 2025.3 arrives with sweeping platform enhancements, revived wireless capabilities and a slate of fresh offensive security utilities.
Building on the June 2025.2 release, this update modernizes VM provisioning, reintroduces Nexmon support for Raspberry Pi and related devices, and adds ten new tools to the rolling repositories—all while announcing the retirement of legacy ARMel support.
VM Builds with Vagrant and DebOS
Kali’s VM creation workflow has undergone a major revision. Historically, Packer build-scripts would generate Vagrant images, but the need for greater flexibility particularly when targeting Hyper-V on Linux hosts prompted the team to rethink this process.
In 2025.3, Kali replaces Packer-driven Vagrant provisioning with a new DebOS-based approach. Pre-seed examples in the recipes repository were audited for consistency, ensuring that automated installers behave identically across platforms.
The Packer build-scripts themselves were upgraded from v1 to v2 standards, while dedicated VM build-scripts now apply the necessary Vagrant tweaks directly.
Users desiring deeper background on this transformation can review the Kali Vagrant Rebuilt blog post, which details the rationale and provides migration guidance.
Nexmon Wireless Revived on ARM
Wireless pentesters rejoice: Nexmon’s patched firmware now supports monitor mode and injection on Raspberry Pi in-built Wi-Fi, including the new Raspberry Pi 5.
Initially introduced in Kali 2025.1 via an updated Pi kernel packaging strategy, Nexmon functionality was temporarily sidelined. With 2025.3, support returns alongside compatible Broadcom and Cypress chipsets found in various SBCs.
While frame injection and packet sniffing can be achieved without Nexmon on some devices, its inclusion simplifies workflows and extends capability to more hardware.
Concurrently, Kali ARM maintenance addressed kernel update issues and consolidated Raspberry Pi images: arm64 is now the default for all Pi models supporting 64-bit, with armhf retained solely for legacy Pi 2.
Following Debian’s lead, Kali 2025.3 deprecates ARMel (Acorn RISC Machine, Little-Endian) support. With Raspberry Pi 1, Pi Zero and the end-of-life ODROID-W constituting the remaining ARMel user base, the team elected to reallocate scarce development resources toward emerging RISC-V architectures.
Users still operating on 32-bit Pi hardware can continue with armhf images, but no new ARMel packages will be produced. This strategic shift paves the way for expanded RISC-V experimentation and future official support.
Configurable VPN Panel Plugin for Xfce
Small but impactful, the Xfce VPN-IP panel plugin now allows selection of any network interface for real-time IP monitoring.
.webp)
Previously fixed to the first detected VPN, users can now right-click the plugin, access preferences and specify the desired interface via the “Command” parameter.
This improvement streamlines multi-VPN scenarios and enhances desktop usability for security professionals juggling multiple encrypted tunnels.
Ten New Offensive Security Tools
Kali 2025.3 enriches its arsenal with ten freshly packaged tools: Caido and its server-side counterpart Caido-cli provide a comprehensive web auditing GUI and backend.
Detect It Easy (DiE) simplifies file type identification, while Gemini CLI brings Google’s Gemini AI into the terminal. Kerberos relaying and unconstrained delegation attacks can be automated via krbrelayx, and ligolo-mp enables multiplayer pivoting during red-team exercises.
The llm-tools-nmap integration empowers large language models to orchestrate network scans. MCP-Kali-Server connects AI agents to Kali for advanced automation.
Patchleaks highlights security fixes for rapid validation or exploitation, and vwifi-dkms facilitates creation of dummy Wi-Fi networks for testing.
Kali NetHunter and CARsenal Enhancements
On the mobile front, Kali NetHunter welcomes the Samsung Galaxy S10 as the first budget-friendly internal-injection device since the Nexus 5.
The Nexmon and NetHunter kernels have been ported to enable 2.4 GHz and 5 GHz injection, with Hijacker arm64 ensuring app stability.
CARsenal, the dedicated car-hacking suite, receives a UI overhaul: settings migrate to the menu bar, and all service and tool commands are editable with long presses.
The Simulator module (formerly ICSim) gains UDSim and floating window support, while a new Metasploit Framework tab brings automotive exploitation modules directly into the mobile interface.
Six new mirrors in Asia, along with tier-0 bandwidth expanded from 500 Mb/s to 3 Gb/s, accelerate repository syncs worldwide.
Community members from Nanjing University, Tsinghua University, Jeonnam High School and others are recognized for their sponsorship.
Documentation updates include new guides on Docker installation, GPG key expiry resolution and packaging systems, ensuring users and contributors alike have up-to-date references.
To upgrade existing installations, simply refresh the rolling repositories, perform a full-upgrade and reboot. New users can download standard or weekly builds for instant access to the latest packages.
With Kali Linux 2025.3, offensive security professionals gain a more maintainable VM workflow, restored wireless pentesting capabilities on ARM, a growing tools ecosystem and a clear path toward next-generation architectures.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
