Local Privilege Escalation Vulnerability in libblockdev Affects Red Hat
CVE-2025-6019

7HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor: CVE Published:; 19 June 2025

Badges

📈 Score: 408👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-6019?

CVE-2025-6019 is a local privilege escalation vulnerability found in the libblockdev component of Red Hat systems. This library is essential for managing block devices in Linux environments, facilitating the creation, modification, and management of filesystems. The vulnerability arises from the interaction between libblockdev and the udisks daemon, particularly in how user permissions are handled by the Polkit service. An attacker with physical access to the system, specifically a user with the "allow_active" setting, can exploit this flaw to escalate their privileges to full root access. By crafting a specially designed XFS filesystem image and manipulating udisks into mounting it, the attacker can execute arbitrary code with elevated privileges, leading to comprehensive control over the affected host.

Potential impact of CVE-2025-6019

Full System Compromise: By gaining root privileges, an attacker can manipulate and control all aspects of the system, potentially allowing for unauthorized access to sensitive data, configuration modifications, and the installation of persistent backdoors for future exploitation.
Data Leakage or Loss: The escalation of privileges could result in unauthorized access to confidential information, leading to data leaks, corruption, or deletion of critical organizational data, thus impacting both security and operational integrity.
Spread of Malware: The ability to execute code as a root user enables malicious actors to install malware or create a botnet on the compromised machine, which can then be used to launch further attacks or propagate additional ransomware and malware across the network.

Affected Version(s)

Red Hat Enterprise Linux 10 0:3.2.0-4.el10_0

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.18-5.el7_9.1

Red Hat Enterprise Linux 8 0:2.28-7.el8_10

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6019_Poc
Created by dreysanox

CVE-2025-6019-exploit
Created by And-oss

News Articles

CVE-2025-6018 CVE-2025-6019

Critical vulnerabilities CVE-2025-6018 and CVE-2025-6019 in Linux systems | Born's Tech and Windows World

[German]Security researchers from Qualys TRU have uncovered two linked, critical vulnerabilities in Linux. Starting with SUSE 15, the LPE chain leads directly to root access in standard configurations of many...

5 days ago

Cyber Security News

CVE-2025-6019

Linux Privilege Escalation Exploit Released - udisksd & libblockdev Vulnerability

This flaw allows users in the allow_active group to escalate their privileges to root under certain conditions, posing a severe risk to multi-user and shared environments.

1 week ago