CVE-2025-6018

EUVD-2025-22455

23.07.2025, 15:15

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
suse	pam-config	1.1.8-24.71.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pam

bookworm	1.5.2-6+deb12u2 fixed
bullseye	1.4.0-9+deb11u1 fixed
bullseye (security)	1.4.0-9+deb11u2 fixed
forky	1.7.0-5 fixed
sid	1.7.0-5 fixed
trixie	1.7.0-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

pam

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	not-affected
plucky	not-affected
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

gdm

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP3	3.10.0.1-54.23.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

gdm-devel

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

gdm-lang

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP3	3.10.0.1-54.23.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

gdm-schema

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

gdm-systemd

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

gdmflexiserver

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP3	3.10.0.1-54.23.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

libgdm1

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP3	3.10.0.1-54.23.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

pam

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP3	1.1.8-24.71.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-32bit

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP3	1.1.8-24.71.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-config

suse enterprise desktop 15 SP6	1.1-150600.16.8.1 fixed
suse enterprise desktop 15 SP7	1.1-150600.16.8.1 fixed
suse enterprise sap 15 SP4	1.1-150200.3.14.1 fixed
suse enterprise sap 15 SP5	1.1-150200.3.14.1 fixed
suse enterprise sap 15 SP6	1.1-150600.16.8.1 fixed
suse enterprise sap 15 SP7	1.1-150600.16.8.1 fixed
suse enterprise server 12 SP3	0.89-5.8.1 fixed
suse enterprise server 12 SP5	0.89-5.8.1 fixed
suse enterprise server 15 SP2	1.1-150200.3.14.1 fixed
suse enterprise server 15 SP3	1.1-150200.3.14.1 fixed
suse enterprise server 15 SP4	1.1-150200.3.14.1 fixed
suse enterprise server 15 SP5	1.1-150200.3.14.1 fixed
suse enterprise server 15 SP6	1.1-150600.16.8.1 fixed
suse enterprise server 15 SP7	1.1-150600.16.8.1 fixed

pam-devel

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-devel-32bit

suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed

pam-doc

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP3	1.1.8-24.71.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-extra

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP3	1.1.8-24.71.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-extra-32bit

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 12 SP3	1.1.8-24.71.1 fixed
suse enterprise server 12 SP5	1.1.8-24.71.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam_pkcs11

suse enterprise desktop 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise desktop 15 SP7	0.6.10-150600.16.8.1 fixed
suse enterprise sap 15 SP4	0.6.10-150100.3.11.1 fixed
suse enterprise sap 15 SP5	0.6.10-150100.3.11.1 fixed
suse enterprise sap 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise sap 15 SP7	0.6.10-150600.16.8.1 fixed
suse enterprise server 12 SP3	0.6.8-7.13.1 fixed
suse enterprise server 12 SP5	0.6.8-7.13.1 fixed
suse enterprise server 15 SP2	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP3	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP4	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP5	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise server 15 SP7	0.6.10-150600.16.8.1 fixed

pam_pkcs11-32bit

suse enterprise desktop 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise desktop 15 SP7	0.6.10-150600.16.8.1 fixed
suse enterprise sap 15 SP4	0.6.10-150100.3.11.1 fixed
suse enterprise sap 15 SP5	0.6.10-150100.3.11.1 fixed
suse enterprise sap 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise sap 15 SP7	0.6.10-150600.16.8.1 fixed
suse enterprise server 12 SP3	0.6.8-7.13.1 fixed
suse enterprise server 12 SP5	0.6.8-7.13.1 fixed
suse enterprise server 15 SP2	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP3	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP4	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP5	0.6.10-150100.3.11.1 fixed
suse enterprise server 15 SP6	0.6.10-150600.16.8.1 fixed
suse enterprise server 15 SP7	0.6.10-150600.16.8.1 fixed

typelib-1_0-Gdm-1_0

suse enterprise desktop 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise desktop 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise sap 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise sap 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise sap 15 SP7	45.0.1-150700.12.5.1 fixed
suse enterprise server 12 SP3	3.10.0.1-54.23.1 fixed
suse enterprise server 12 SP5	3.10.0.1-54.23.1 fixed
suse enterprise server 15 SP2	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP3	3.34.1-150200.8.26.1 fixed
suse enterprise server 15 SP4	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP5	41.3-150400.4.14.1 fixed
suse enterprise server 15 SP6	45.0.1-150600.6.8.1 fixed
suse enterprise server 15 SP7	45.0.1-150700.12.5.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://access.redhat.com/security/cve/CVE-2025-6018

https://bugzilla.redhat.com/show_bug.cgi?id=2372693

https://bugzilla.suse.com/show_bug.cgi?id=1243226

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

http://www.openwall.com/lists/oss-security/2025/08/28/4

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt