CVE-2025-6020 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

pam

bullseye	vulnerable
bookworm	vulnerable
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

pam

plucky	Fixed 1.5.3-7ubuntu4.3 released
oracular	Fixed 1.5.3-7ubuntu2.3 released
noble	Fixed 1.5.3-5ubuntu5.4 released
jammy	Fixed 1.4.0-11ubuntu2.6 released
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Vulnerability Media Exposure

[GERMAN] PAM: Schwachstelle ermöglicht Privilegieneskalation
Ein lokaler Angreifer kann eine Schwachstelle in PAM ausnutzen, um seine Privilegien zu erhöhen.
Published: 2025-06-17T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2025-6020

https://bugzilla.redhat.com/show_bug.cgi?id=2372512

http://www.openwall.com/lists/oss-security/2025/06/17/1