CVE-2025-6018

23.07.2025, 15:15

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Vendor	Product	Version
suse	pam-config	1.1.8-24.71.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pam

bullseye	1.4.0-9+deb11u1 fixed
bullseye (security)	1.4.0-9+deb11u2 fixed
bookworm	1.5.2-6+deb12u1 fixed
forky	1.7.0-5 fixed
sid	1.7.0-5 fixed
trixie	1.7.0-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

pam

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://access.redhat.com/security/cve/CVE-2025-6018

https://bugzilla.redhat.com/show_bug.cgi?id=2372693

https://bugzilla.suse.com/show_bug.cgi?id=1243226

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt