Local Privilege Escalation in Yubico PAM Implementation on macOS and Linux
CVE-2025-23013
What is CVE-2025-23013?
In certain configurations of Yubico's pam-u2f software prior to version 1.3.1, a local privilege escalation vulnerability can occur, allowing an unprivileged local attacker to bypass authentication measures. This vulnerability specifically affects systems where pam-u2f is used to authenticate users with a YubiKey or other FIDO-compliant devices. To exploit this issue, an attacker may require local access to the target system and, depending on the setup, potentially the user's password. This could allow unauthorized users to gain higher privileges than intended, posing significant security risks.

Affected Version(s)
pam-u2f 0 < 1.3.1
News Articles
Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed
Yubico has confirmed a partial 2FA bypass issue could impact some YubiKey customers—here’s what you need to know.
References
CVSS V4
Timeline
First article discovered by Forbes
Vulnerability published
Vulnerability Reserved
