CVE-2025-23013

HIGH EPSS 31.5%
Published Jan 15, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.3 CVSS 4.0
High

Description

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

CVSS Details

Base Score
7.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
31.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-394

References 7

  • openwall.com http://www.openwall.com/lists/oss-security/2025/01/15/1
  • openwall.com http://www.openwall.com/lists/oss-security/2025/01/16/2
  • openwall.com http://www.openwall.com/lists/oss-security/2025/01/16/3
  • openwall.com http://www.openwall.com/lists/oss-security/2025/01/16/4
  • openwall.com http://www.openwall.com/lists/oss-security/2025/01/16/5
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00001.html
  • yubico.com https://www.yubico.com/support/security-advisories/ysa-2025-01/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.