Vulnerability in PAM-PKCS#11 Module for Linux-PAM User Login
CVE-2025-24032
What is CVE-2025-24032?
CVE-2025-24032 is a vulnerability identified in the PAM-PKCS#11 module used within the Linux-PAM framework for user authentication. This module enables X.509 certificate-based user logins, which are critical for secure access management on many Linux systems. The vulnerability arises from a failure to verify the private key's signature when the certificate policy is set to its default value of "none." This oversight can allow an attacker to create a malicious token that replicates a user's public certificate data, gain unauthorized access, and compromise system integrity. Organizations relying on this module for secure logins face severe security risks if this vulnerability is not addressed.
Technical Details
The vulnerability is linked to the PAM-PKCS#11 module, which integrates smart cards and similar cryptographic tokens with the Linux-PAM login process. Prior to the release of version 0.6.13, the default configuration did not mandate signature verification with the private key. Instead, it only verified whether the user could log in using the token. Consequently, an attacker could craft a token carrying the victim's public certificate and a known PIN, with no need to produce a signature from the corresponding private key. The flaw therefore allows unauthorized logins in which the one check that proves possession of the private key is skipped.
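Because the weak behaviour is tied to a `cert_policy` that omits the signature check, a defender can audit a pam_pkcs11.conf for modules still relying on that default. The following script is an added example, not code from this page or from the pam_pkcs11 project; it assumes the documented scconf-style syntax of `/etc/pam_pkcs11/pam_pkcs11.conf` (a `use_pkcs11_module` setting and one or more `pkcs11_module <name> { ... }` blocks with a comma-separated `cert_policy`), and the configuration text below is constructed for illustration.

```python
import re

# Constructed sample of a pam_pkcs11.conf: one module left at the
# vulnerable default ("none") and one hardened to include "signature".
SAMPLE_CONF = """\
pam_pkcs11 {
  nullok = false;
  use_pkcs11_module = opensc;
  pkcs11_module opensc {
    module = /usr/lib/opensc-pkcs11.so;
    ca_dir = /etc/pam_pkcs11/cacerts;
    cert_policy = none;
  }
  pkcs11_module hardened {
    module = /usr/lib/other-pkcs11.so;
    ca_dir = /etc/pam_pkcs11/cacerts;
    cert_policy = ca,signature;
  }
}
"""


def parse_modules(conf_text):
    """Return (active_module_name, {module_name: set_of_policies})."""
    active = None
    m = re.search(r"^\s*use_pkcs11_module\s*=\s*([^;\s]+)\s*;", conf_text, re.M)
    if m:
        active = m.group(1)
    modules = {}
    # Module blocks contain no nested braces, so a non-greedy match up to
    # the first closing brace captures exactly one block body.
    for name, body in re.findall(r"^\s*pkcs11_module\s+(\w+)\s*\{(.*?)\}",
                                 conf_text, re.M | re.S):
        pol = re.search(r"^\s*cert_policy\s*=\s*([^;]*);", body, re.M)
        # A missing cert_policy behaves like the default value "none".
        policies = {p.strip() for p in pol.group(1).split(",")} if pol else {"none"}
        modules[name] = policies
    return active, modules


def audit(conf_text):
    """List (module, is_active, policy) for modules that never verify
    the private-key signature, i.e. the condition behind CVE-2025-24032."""
    active, modules = parse_modules(conf_text)
    return [(name, name == active, ",".join(sorted(pols)))
            for name, pols in modules.items() if "signature" not in pols]


if __name__ == "__main__":
    for name, is_active, policy in audit(SAMPLE_CONF):
        flag = "ACTIVE" if is_active else "inactive"
        print(f"{name} ({flag}): cert_policy={policy} lacks 'signature'")
```

Run it against the real file by replacing `SAMPLE_CONF` with its contents; a flagged active module means the upgrade to 0.6.13 (or a policy that includes `signature`) is still outstanding on that host.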
Potential impact of CVE-2025-24032
- Unauthorized Access: The primary risk posed by CVE-2025-24032 is the potential for unauthorized user access to systems. An attacker exploiting this vulnerability could effectively impersonate legitimate users, leading to unauthorized actions within sensitive environments.
- Data Breaches: Organizations may face significant data breaches as unauthorized users could access confidential information and sensitive data, resulting in severe repercussions for data integrity and privacy compliance.
- Compromise of System Security: With the ability to log in as legitimate users, attackers could manipulate or exfiltrate data, potentially deploying further exploits or malware, thereby jeopardizing the overall security of the affected infrastructure.
Affected Version(s)
pam_pkcs11 < 0.6.13
