CVE-2025-8941

EUVD-2025-24657
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Debian logo
Debian Releases
Debian Product
Codename
pam
bookworm
undetermined
bullseye
undetermined
bullseye (security)
undetermined
forky
undetermined
sid
undetermined
trixie
undetermined
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pam
RHEL 8
0:1.3.1-38.el8_10
fixed
RHEL 8.2 AUS
0:1.3.1-8.el8_2.2
fixed
RHEL 8.4 AUS
0:1.3.1-14.el8_4.2
fixed
RHEL 8.6 AUS
0:1.3.1-16.el8_6.3
fixed
RHEL 8.6 E4S
0:1.3.1-16.el8_6.3
fixed
RHEL 8.6 TUS
0:1.3.1-16.el8_6.3
fixed
RHEL 8.8 E4S
0:1.3.1-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.3.1-26.el8_8.2
fixed
RHEL 9
0:1.5.1-26.el9_6
fixed
pam-devel
RHEL 8
0:1.3.1-38.el8_10
fixed
RHEL 8.2 AUS
0:1.3.1-8.el8_2.2
fixed
RHEL 8.4 AUS
0:1.3.1-14.el8_4.2
fixed
RHEL 8.6 AUS
0:1.3.1-16.el8_6.3
fixed
RHEL 8.6 E4S
0:1.3.1-16.el8_6.3
fixed
RHEL 8.6 TUS
0:1.3.1-16.el8_6.3
fixed
RHEL 8.8 E4S
0:1.3.1-26.el8_8.2
fixed
RHEL 8.8 TUS
0:1.3.1-26.el8_8.2
fixed
RHEL 9
0:1.5.1-26.el9_6
fixed
pam-docs
RHEL 9
0:1.5.1-26.el9_6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
pam
Amazon Linux 2
0:1.1.8-23.amzn2.0.5
fixed
Amazon Linux 2023
0:1.5.1-8.amzn2023.0.7
fixed
pam-debuginfo
Amazon Linux 2
0:1.1.8-23.amzn2.0.5
fixed
Amazon Linux 2023
0:1.5.1-8.amzn2023.0.7
fixed
pam-debugsource
Amazon Linux 2023
0:1.5.1-8.amzn2023.0.7
fixed
pam-devel
Amazon Linux 2
0:1.1.8-23.amzn2.0.5
fixed
Amazon Linux 2023
0:1.5.1-8.amzn2023.0.7
fixed
pam-docs
Amazon Linux 2023
0:1.5.1-8.amzn2023.0.7
fixed