Local Privilege Escalation in Linux Pluggable Authentication Modules (PAM) by Red Hat
CVE-2025-6018
Key Information:
- Vendor
- CVE Published: 23 July 2025
What is CVE-2025-6018?
A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can execute Polkit actions typically restricted to physically present users, resulting in unauthorized control over system settings, services, and sensitive operations.

News Articles
Critical vulnerabilities CVE-2025-6018 and CVE-2025-6019 in Linux systems | Born's Tech and Windows World
[German] Security researchers from Qualys TRU have uncovered two linked, critical vulnerabilities in Linux. Starting with SUSE 15, the LPE chain leads directly to root access in standard configurations of many...
Multiple Vulnerabilities in Major Linux Distributions
Security researchers identified two new LPE vulnerabilities that can be chained together to gain root privileges on systems running major Linux distributions.
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Linux systems face critical local privilege escalation threats via CVE-2025-6018/6019 flaws—users must patch now.
Timeline
Vulnerability published
- First article discovered by CyberSecurityNews
Vulnerability Reserved
