Local Privilege Escalation Vulnerability in pam_namespace of Linux-PAM
CVE-2025-6020

7.8HIGH

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Vendor
CVE Published:
17 June 2025

What is CVE-2025-6020?

A flaw exists in the pam_namespace module of Linux-PAM that could allow local users to escalate their privileges to root. By exploiting weak protection of user-controlled paths, attackers can execute privilege escalation through multiple symlink attacks and race conditions, posing a serious risk to system integrity and security. Organizations that utilize affected versions of Linux-PAM must ensure they apply the latest patches to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2025:10024
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10027
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10180
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.
JSON
.