Offensive Security has released Kali Linux 2025.4, updating its penetration testing platform with improved desktop environments and fresh tools. The version focuses on usability across GNOME, KDE Plasma, and XFCE, while adding support for more devices in Kali NetHunter. It also defaults to Wayland for better compatibility.
Offensive Security (OffSec) announced Kali Linux 2025.4 on December 15, 2025, bringing updates to its popular distribution for penetration testing and digital forensics. The release emphasizes "quality-of-life" improvements, particularly in desktop environments.
The GNOME desktop, now at version 49, features fresher themes and replaces the Totem video player with the Showtime app. Kali tools are organized into folders in the app grid for easier access, and users can open a terminal with the Ctrl+Alt+T or Win+T shortcut. KDE Plasma has been updated to version 6.5, including a new screenshot tool with editing capabilities, quick access to pinned clipboard items, and a search function that handles misspellings to launch the correct app. The XFCE environment now supports color themes.
Across all desktops, Kali Linux 2025.4 defaults to the Wayland display server protocol, which was previously standard in KDE and is now implemented in GNOME. Configurations ensure compatibility with virtual machine guest extensions from VirtualBox, VMware, and QEMU, enabling features like clipboard sharing and window scaling.
A playful addition is the Halloween Mode in the kali-undercover tool, which applies a themed desktop with pumpkins, spiders, and ghosts when run via the terminal command 'kali-undercover --halloween'. This stems from a recent Pumpkin Carving Contest.
Three new tools join the repository: bpf-linker, which statically links multiple Berkeley Packet Filter (BPF) object files and optimizes for older kernels; evil-winrm-py, a Python implementation for executing commands on remote Windows machines via the Windows Remote Management (WinRM) protocol; and hexstrike-ai, an MCP server allowing AI agents to autonomously run tools.
Kali NetHunter, the mobile penetration testing platform, gains support for additional devices: Samsung Galaxy S10, S10e, S10 Plus, and S10 5G on LineageOS 23; OnePlus Nord on Android 16; and Xiaomi Mi 9 on Android 15. It includes the Snowfall feature and runs a terminal.
Due to its size—around 14 GB—the Kali Live image, a bootable version for USB or DVD, is available only via BitTorrent. Smaller installer images, such as 4.9 GB for x86_64 and 3.7 GB for ARM64 Apple Silicon, can be downloaded directly from Kali servers. This follows the previous point release, 2025.3, from late September, which added virtual machine simplifications and ten new tools.
