Qualys Cloud Agent for AWS Bottlerocket ARM Release 6.0.1
November 17, 2025
With this release of AWS Bottlerocket ARM Cloud Agent, no new features or enhancements are being released. The Issues Addressed section mentions the issues fixed in this release.
Behavior Changes
There are no behavior changes in this release.
Platform Coverage Support
There is no new platform coverage added in this release.
Issues Addressed
The following notable and important issues are fixed in this release.
| Category/Component | Issue Description |
| Cloud Agent Processes | We fixed an issue where Cloud Agents hosted on AWS Botterocket AMIs were not updating any host data in the user interface. |
| Untrusted Search Path Vulnerability | The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges. We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426). |
Known Issues
There are no known limitations in this release.