

CVE-2025-6020

Linux-pam: linux-pam directory traversal



Description

A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
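The description names the bug class (a privileged process following paths a local user can shape, with symlink and check-then-use races) but not the defensive pattern. The example below is added here and is neither pam_namespace's code nor Red Hat's fix; the directory tree, function names and the trust policy (directory owned by a given uid, not group/other writable) are this example's own assumptions. It places the fragile "join a path string and open it" pattern beside a component-wise walk that opens each step relative to the directory fd it already holds, refuses symlinks with O_NOFOLLOW, and checks ownership with fstat() on that fd, so the object checked is the object used.

```python
import os
import stat
import tempfile

# Open flags for each step of the walk: refuse to follow a symlink at this
# component and insist on a directory, so a planted link cannot redirect us.
STEP_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC


def open_naive_dir(root: str, relpath: str) -> int:
    """The fragile pattern: build a path string and open it in one go.

    Symlinks anywhere in the path are followed, and any ownership check
    done on the path string beforehand races with whoever controls it.
    """
    return os.open(os.path.join(root, relpath), os.O_RDONLY | os.O_DIRECTORY)


def open_trusted_dir(root_fd: int, relpath: str, trusted_uid: int = 0) -> int:
    """Walk relpath below root_fd one component at a time; return the final fd.

    Each step is an openat()-style open relative to the fd already held, with
    O_NOFOLLOW; the owner/permission check uses fstat() on that fd, i.e. on the
    object that will be used, so there is no check-then-use window. The policy
    (owner == trusted_uid, no group/other write bit) is this example's own
    assumption and should be adapted to the deployment.
    """
    parts = relpath.split("/")
    if relpath.startswith("/") or any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"rejecting path {relpath!r}")
    fd = os.dup(root_fd)
    try:
        for comp in parts:
            nxt = os.open(comp, STEP_FLAGS, dir_fd=fd)  # ELOOP if comp is a symlink
            os.close(fd)
            fd = nxt
            st = os.fstat(fd)
            if st.st_uid != trusted_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                raise PermissionError(f"untrusted directory at component {comp!r}")
        return fd
    except BaseException:
        os.close(fd)
        raise


def demo() -> dict:
    """Constructed tree: root/inst (legitimate) and root/escape -> parent dir
    (the kind of link a local user could plant). Returns what each opener did."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        inst = os.path.join(root, "inst")
        os.mkdir(inst, 0o750)
        os.chmod(inst, 0o750)  # explicit, so the umask does not decide the outcome
        os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
        root_fd = os.open(root, STEP_FLAGS)
        me = os.getuid()
        try:
            fd = open_naive_dir(root, "escape")  # silently follows the link out of root
            os.close(fd)
            results["naive_followed_symlink"] = True
            fd = open_trusted_dir(root_fd, "inst", trusted_uid=me)
            os.close(fd)
            results["hardened_opened_real_dir"] = True
            try:
                open_trusted_dir(root_fd, "escape", trusted_uid=me)
                results["hardened_refused_symlink"] = False
            except OSError:  # ELOOP raised by O_NOFOLLOW
                results["hardened_refused_symlink"] = True
            try:
                open_trusted_dir(root_fd, "../inst", trusted_uid=me)
                results["rejects_dotdot"] = False
            except ValueError:
                results["rejects_dotdot"] = True
        finally:
            os.close(root_fd)
    return results


if __name__ == "__main__":
    print(demo())
```

The walk keeps only file descriptors, never a path string, between the check and the use; a caller that needs to create files below the returned fd should keep using the `dir_fd` forms (os.open, os.mkdir, os.chown with `dir_fd=`) for the same reason.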

Reserved 2025-06-11 | Published 2025-06-17 | Updated 2025-07-30 | Assigner redhat


HIGH: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Each fixed entry is recorded as "X before *", i.e. the listed build X and every build after it; "Default status" is the status of builds outside that range.

Default status   Range                                                                          Status
unaffected       any version before 1.7.1                                                       affected
affected         0:1.1.8-23.el7_9.1 before *                                                    unaffected
affected         0:1.3.1-37.el8_10 before *                                                     unaffected
affected         0:1.3.1-8.el8_2.1 before *                                                     unaffected
affected         0:1.3.1-14.el8_4.1 before *                                                    unaffected
affected         0:1.3.1-16.el8_6.2 before *                                                    unaffected
affected         0:1.3.1-16.el8_6.2 before *                                                    unaffected
affected         0:1.3.1-16.el8_6.2 before *                                                    unaffected
affected         0:1.3.1-26.el8_8.1 before *                                                    unaffected
affected         0:1.3.1-26.el8_8.1 before *                                                    unaffected
affected         0:1.5.1-25.el9_6 before *                                                      unaffected
affected         0:1.5.1-25.el9_6 before *                                                      unaffected
affected         0:1.5.1-9.el9_0.2 before *                                                     unaffected
affected         0:1.5.1-15.el9_2.1 before *                                                    unaffected
affected         0:1.5.1-24.el9_4 before *                                                      unaffected
affected         7.13.5-4.1752066672 before *                                                   unaffected
affected         7.13.5-4.1752065732 before *                                                   unaffected
affected         7.13.5-4.1752065732 before *                                                   unaffected
affected         7.13.5-3.1752065737 before *                                                   unaffected
affected         7.13.5-4.1752065731 before *                                                   unaffected
affected         7.13.5-25 before *                                                             unaffected
affected         7.13.5-4.1752065736 before *                                                   unaffected
affected         7.13.5-2.1752065733 before *                                                   unaffected
affected         7.13.5-4.1752065755 before *                                                   unaffected
affected         sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3 before *   unaffected
affected         sha256:40535c017d2730645c57c44b32b4df1613585cc19c052fe472ccbf543a659c42 before *   unaffected
affected         sha256:643b9297fe6bf515d142ad8c857d279aa47854aecd0c9cdb90061185ac78987a before *   unaffected
affected         sha256:281913677308b5a7f0f834161ca1c1cf22e2686616f60057ac8ae61627f66861 before *   unaffected
affected         sha256:34851d4dd94a887b27d0937a1238d09ac370b4ec06382fe880796dac86c4aa3e before *   unaffected
affected         sha256:3d281c9d7fe151c35605aac57a95fec699d20ecea6f4a5ea5b8cdc26a8808695 before *   unaffected
affected         sha256:2a37885dbd9735167854119a546f9ce1b37454a2b57d283fbd8da890c01db767 before *   unaffected
affected         sha256:8f2da1e0fc45a36cffbe91f9a1c4449eb0c71671865b7194951ad727c9f7b064 before *   unaffected
affected         sha256:9eaae087bccf2cedfea26d1c0235cfbbe227f9b8f1eda67dc0b33441e319eb85 before *   unaffected
affected         sha256:54c5403a8a9e0300233e75a04318013e9dbe3d894be691927d27dc2fe53fddc0 before *   unaffected
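Checking a fleet against this list has one trap: the installed pam build must be compared with the fixed build of the same update stream, not with the newest entry. Under RPM ordering 0:1.3.1-16.el8_6.2 sorts below 0:1.3.1-37.el8_10, yet it is listed above as unaffected. The script below is an added example, not Red Hat's tooling: its fixed-build table is copied from the product-status list above and keyed by the dist tag in each build's release (el7_9, el8_6, el9_4, ...), a keying that is this example's own assumption; its rpmvercmp is a simplified re-implementation of rpm's ordering; and the 7.13.5-* and sha256:* entries, which are not RPM versions, are left out.

```python
import re
import sys

# Fixed pam builds copied from the product-status list on this page, keyed by
# the dist tag each release string carries (this keying is the example's own
# assumption, not something the advisory states).
FIXED_BY_STREAM = {
    "el7_9": "0:1.1.8-23.el7_9.1",
    "el8_2": "0:1.3.1-8.el8_2.1",
    "el8_4": "0:1.3.1-14.el8_4.1",
    "el8_6": "0:1.3.1-16.el8_6.2",
    "el8_8": "0:1.3.1-26.el8_8.1",
    "el8_10": "0:1.3.1-37.el8_10",
    "el9_0": "0:1.5.1-9.el9_0.2",
    "el9_2": "0:1.5.1-15.el9_2.1",
    "el9_4": "0:1.5.1-24.el9_4",
    "el9_6": "0:1.5.1-25.el9_6",
}
UPSTREAM_FIXED_VERSION = "1.7.1"  # "any version before 1.7.1" is affected

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")
_DIST_TAG = re.compile(r"\.el(\d+)(?:_(\d+))?")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: compare alphanumeric segments left to right;
    numeric segments as integers, alpha segments lexically, numeric beats
    alpha, and the longer string wins when the other runs out. No '~'/'^'."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_evr(evr: str):
    """'0:1.3.1-16.el8_6.2' -> (0, '1.3.1', '16.el8_6.2'). The epoch may be
    absent or the literal '(none)' that rpm --qf prints for unset epochs."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def evrcmp(a: str, b: str) -> int:
    """Full epoch:version-release comparison."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def stream_of(release: str):
    """'16.el8_6.2' -> 'el8_6'; '37.el8_10' -> 'el8_10'; no dist tag -> None."""
    m = _DIST_TAG.search(release)
    if not m:
        return None
    return "el" + m.group(1) + ("_" + m.group(2) if m.group(2) else "")


def assess(installed: str) -> str:
    """Return 'fixed', 'affected' or 'unknown-stream' for an installed pam EVR."""
    _, version, release = split_evr(installed)
    stream = stream_of(release)
    if stream is None:  # not a RHEL build: fall back to the upstream cut-off
        return "fixed" if rpmvercmp(version, UPSTREAM_FIXED_VERSION) >= 0 else "affected"
    fixed = FIXED_BY_STREAM.get(stream)
    if fixed is None:  # a stream the list above does not name: do not guess
        return "unknown-stream"
    return "fixed" if evrcmp(installed, fixed) >= 0 else "affected"


if __name__ == "__main__":
    # Usage: rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' pam | python3 pamcheck.py
    for line in sys.stdin:
        evr = line.strip()
        if evr:
            print(evr, assess(evr))
```

Streams that the list does not name (for example a plain `.el8` release without a minor tag) are reported as unknown rather than guessed at, and the non-RPM entries above must be checked by image digest, not by version comparison.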

Timeline

2025-06-12: Reported to Red Hat.
2025-06-17: Made public.

Credits

Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.

References

access.redhat.com/errata/RHSA-2025:10024 (RHSA-2025:10024) vendor-advisory

access.redhat.com/errata/RHSA-2025:10027 (RHSA-2025:10027) vendor-advisory

access.redhat.com/errata/RHSA-2025:10180 (RHSA-2025:10180) vendor-advisory

access.redhat.com/errata/RHSA-2025:10354 (RHSA-2025:10354) vendor-advisory

access.redhat.com/errata/RHSA-2025:10357 (RHSA-2025:10357) vendor-advisory

access.redhat.com/errata/RHSA-2025:10358 (RHSA-2025:10358) vendor-advisory

access.redhat.com/errata/RHSA-2025:10359 (RHSA-2025:10359) vendor-advisory

access.redhat.com/errata/RHSA-2025:10361 (RHSA-2025:10361) vendor-advisory

access.redhat.com/errata/RHSA-2025:10362 (RHSA-2025:10362) vendor-advisory

access.redhat.com/errata/RHSA-2025:10735 (RHSA-2025:10735) vendor-advisory

access.redhat.com/errata/RHSA-2025:10823 (RHSA-2025:10823) vendor-advisory

access.redhat.com/errata/RHSA-2025:11386 (RHSA-2025:11386) vendor-advisory

access.redhat.com/errata/RHSA-2025:11487 (RHSA-2025:11487) vendor-advisory

access.redhat.com/errata/RHSA-2025:9526 (RHSA-2025:9526) vendor-advisory

access.redhat.com/security/cve/CVE-2025-6020 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2372512 (RHBZ#2372512) issue-tracking

cve.org (CVE-2025-6020)

nvd.nist.gov (CVE-2025-6020)

https://cve.threatint.eu/CVE/CVE-2025-6020