Local Privilege Escalation in Linux Pluggable Authentication Modules (PAM) by Red Hat
CVE-2025-6018
Key Information:
- Vendor: Red Hat
- CVE Published: 23 July 2025
What is CVE-2025-6018?
A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can execute Polkit actions typically restricted to physically present users, resulting in unauthorized control over system settings, services, and sensitive operations.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Critical vulnerabilities CVE-2025-6018 and CVE-2025-6019 in Linux systems | Born's Tech and Windows World
[German] Security researchers from Qualys TRU have uncovered two linked, critical vulnerabilities in Linux. Starting with SUSE 15, the LPE chain leads directly to root access in standard configurations of many...
Multiple Vulnerabilities in Major Linux Distributions
Security researchers identified two new LPE vulnerabilities that can be chained together to gain root privileges on systems running major Linux distributions.
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Linux systems face critical local privilege escalation threats via CVE-2025-6018/6019 flaws—users must patch now.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- First article discovered by CyberSecurityNews
- Vulnerability reserved
