CVE-2025-6018

EUVD-2025-22455
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all Polkit actions marked "allow_active yes", which are typically restricted to console users, potentially gaining unauthorized control over system configuration, services, or other sensitive operations.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| redhat | CNA | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Base Score (CVSS 3.x): 7.8 HIGH
EPSS Score: percentile 20%
Affected Products (NVD)

| Vendor | Product | Version | Status |
|---|---|---|---|
| suse | pam-config | 1.1.8-24.71.1 | vulnerable |
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pam | bookworm | 1.5.2-6+deb12u2 | fixed |
| pam | bullseye | 1.4.0-9+deb11u1 | fixed |
| pam | bullseye (security) | 1.4.0-9+deb11u2 | fixed |
| pam | forky | 1.7.0-5 | fixed |
| pam | sid | 1.7.0-5 | fixed |
| pam | trixie | 1.7.0-5 | fixed |
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| pam | bionic | not-affected |
| pam | focal | not-affected |
| pam | jammy | not-affected |
| pam | noble | not-affected |
| pam | oracular | not-affected |
| pam | plucky | not-affected |
| pam | trusty | not-affected |
| pam | xenial | not-affected |