CVE-2025-6020 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
Siemens	RUGGEDCOM ROX MX5000	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX MX5000RE	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1400	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1500	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1501	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1510	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1511	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1512	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1524	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX1536	𝑥 < V2.17.1	ADP
Siemens	RUGGEDCOM ROX RX5000	𝑥 < V2.17.1	ADP

Debian Releases

Debian Product

Codename

pam

bookworm	1.5.2-6+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	1.4.0-9+deb11u2 fixed
forky	1.7.0-5 fixed
sid	1.7.0-5 fixed
trixie	1.7.0-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

pam

bionic	needs-triage
focal	needs-triage
jammy	Fixed 1.4.0-11ubuntu2.6 released
noble	Fixed 1.5.3-5ubuntu5.4 released
oracular	Fixed 1.5.3-7ubuntu2.3 released
plucky	Fixed 1.5.3-7ubuntu4.3 released
questing	Fixed 1.5.3-7ubuntu6 released
resolute	Fixed 1.5.3-7ubuntu6 released
trusty	needs-triage
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

pam

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-32bit

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-devel

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-devel-32bit

suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed

pam-doc

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-extra

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

pam-extra-32bit

suse enterprise desktop 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise desktop 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise sap 15 SP7	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP2	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP3	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP4	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP5	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP6	1.3.0-150000.6.83.1 fixed
suse enterprise server 15 SP7	1.3.0-150000.6.83.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

pam

RHEL 8	0:1.3.1-38.el8_10 fixed
RHEL 8.2 AUS	0:1.3.1-8.el8_2.1 fixed
RHEL 8.4 AUS	0:1.3.1-14.el8_4.1 fixed
RHEL 8.6 AUS	0:1.3.1-16.el8_6.2 fixed
RHEL 8.6 E4S	0:1.3.1-16.el8_6.2 fixed
RHEL 8.6 TUS	0:1.3.1-16.el8_6.2 fixed
RHEL 8.8 E4S	0:1.3.1-26.el8_8.1 fixed
RHEL 8.8 TUS	0:1.3.1-26.el8_8.1 fixed
RHEL 9	0:1.5.1-25.el9_6 fixed

pam-devel

RHEL 8	0:1.3.1-38.el8_10 fixed
RHEL 8.2 AUS	0:1.3.1-8.el8_2.1 fixed
RHEL 8.4 AUS	0:1.3.1-14.el8_4.1 fixed
RHEL 8.6 AUS	0:1.3.1-16.el8_6.2 fixed
RHEL 8.6 E4S	0:1.3.1-16.el8_6.2 fixed
RHEL 8.6 TUS	0:1.3.1-16.el8_6.2 fixed
RHEL 8.8 E4S	0:1.3.1-26.el8_8.1 fixed
RHEL 8.8 TUS	0:1.3.1-26.el8_8.1 fixed
RHEL 9	0:1.5.1-25.el9_6 fixed

pam-docs

RHEL 9

0:1.5.1-25.el9_6

fixed

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://access.redhat.com/errata/RHSA-2025:10024

https://access.redhat.com/errata/RHSA-2025:10027

https://access.redhat.com/errata/RHSA-2025:10180

https://access.redhat.com/errata/RHSA-2025:10354

https://access.redhat.com/errata/RHSA-2025:10357

https://access.redhat.com/errata/RHSA-2025:10358

https://access.redhat.com/errata/RHSA-2025:10359

https://access.redhat.com/errata/RHSA-2025:10361

https://access.redhat.com/errata/RHSA-2025:10362

https://access.redhat.com/errata/RHSA-2025:10735

https://access.redhat.com/errata/RHSA-2025:10823

https://access.redhat.com/errata/RHSA-2025:11386

https://access.redhat.com/errata/RHSA-2025:11487

https://access.redhat.com/errata/RHSA-2025:14557

https://access.redhat.com/errata/RHSA-2025:15099

https://access.redhat.com/errata/RHSA-2025:15709

https://access.redhat.com/errata/RHSA-2025:15827

https://access.redhat.com/errata/RHSA-2025:15828

https://access.redhat.com/errata/RHSA-2025:16524

https://access.redhat.com/errata/RHSA-2025:17181

https://access.redhat.com/errata/RHSA-2025:18219

https://access.redhat.com/errata/RHSA-2025:20181

https://access.redhat.com/errata/RHSA-2025:21885

https://access.redhat.com/errata/RHSA-2025:22019

https://access.redhat.com/errata/RHSA-2025:9526

https://access.redhat.com/errata/RHSA-2026:0934

https://access.redhat.com/security/cve/CVE-2025-6020

https://bugzilla.redhat.com/show_bug.cgi?id=2372512

https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx

http://www.openwall.com/lists/oss-security/2025/06/17/1

https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html

https://cert-portal.siemens.com/productcert/html/ssa-577017.html