Kali Linux 2025.3 Released: Nexmon Wi‑Fi Support, New Pentest Tools & Faster VM Images

Core Feature Updates

Nexmon Support Restored

By patching firmware, Nexmon now enables monitor mode and packet injection on Broadcom and Cypress Wi‑Fi chips, allowing devices such as Raspberry Pi 5 to sniff and inject wireless traffic directly, expanding wireless security assessment scenarios.

VM Image Build Process Optimized

The previous Packer‑generated Vagrant images are discontinued; changes are now merged into existing VM build scripts, and the HashiCorp Packer scripts have been upgraded to the v2 standard, improving build consistency and simplifying collaborative testing across platforms.

Architecture Change: Dropping ARMEL Support

Following Debian testing decisions, ARM EL packages are no longer provided, reducing maintenance overhead. Older hardware such as the original Raspberry Pi 1 and Zero W will not run the latest release, with resources shifting toward RISC‑V platforms.

Xfce Desktop Improvements

The VPN IP plugin is updated, allowing users to configure which network interfaces the plugin monitors, simplifying multi‑VPN or non‑standard interface setups. Several bugs and vulnerabilities have also been fixed, enhancing overall system stability.

Mobile & Automotive Security Enhancements

Support for Samsung Galaxy S10 adds built‑in dual‑band (2.4 GHz/5 GHz) Wi‑Fi monitoring and injection. The automotive hacking suite receives a new UI, code refactor, tool extensions, and integration with UDSim for richer vehicle simulation capabilities.

New Tools and Ecosystem Expansion

Ten new penetration‑testing utilities are included, covering AI‑driven vulnerability scanning, multi‑user tunneling, Kerberos relay attacks, virtual Wi‑Fi creation, and more.

Caido & Caido‑cli : Web security audit suite with GUI client and CLI server.

Detect It Easy (DiE) : File‑type identification tool.

Gemini CLI : Open‑source agent that integrates Google Gemini AI into the command line.

krbrelayx : Kerberos relay and unconstrained delegation exploitation toolkit.

ligolo‑mp : Multi‑user cascading tunnel solution.

llm‑tools‑nmap : Enables large language models to invoke nmap for network scanning, boosting scan speed up to threefold.

mcp‑kali‑server : Configuration tool linking AI agents with Kali.

patchleaks : Quickly identifies security fixes in software patches.

vwifi‑dkms : Driver module for creating virtual “pseudo” Wi‑Fi networks.

Caido & Caido‑cli (duplicate entry retained from source).

Installation and Upgrade

Official images are available for 64‑bit desktop, ARM, VM, cloud, WSL, and mobile platforms. sudo apt update && sudo apt -y full-upgrade After upgrading, verify the version by checking the /etc/os-release file.

Conclusion

Kali Linux 2025.3 brings back Nexmon wireless capabilities, adds cutting‑edge tools, streamlines VM image creation, and drops legacy ARMEL support, resulting in a 35% faster boot, 25% lower memory usage, and roughly 50% overall performance improvement, making it an "out‑of‑the‑box ultimate weapon kit" for wireless, AI‑augmented, and mobile penetration testing.