Authentication Bypass Vulnerability in OpenSC's pam_pkcs11 Component
CVE-2025-24531

6.7 MEDIUM

Key Information:

Vendor
CVE Published: 16 January 2026

What is CVE-2025-24531?

The pam_pkcs11 module in OpenSC prior to version 0.6.13 contains a critical flaw in which the pam_sm_authenticate function incorrectly returns PAM_IGNORE under various error conditions, such as smartcard-related failures. Because PAM_IGNORE is not treated as an authentication failure, this behavior can lead to an authentication bypass, potentially allowing unauthorized access to systems that rely on this module.

Affected Version(s)

pam_pkcs11 0.6.12 < 0.6.13

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
