CVE-2025-6020
HIGH EPSS 30.9%
Published Jun 17, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Jun 17, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
30.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
References 32
- openwall.com http://www.openwall.com/lists/oss-security/2025/06/17/1
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10024
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10027
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10180
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10354
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10357
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10358
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10359
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10361
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10362
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10735
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10823
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:11386
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:11487
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:14557
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:15099
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:15709
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:15827
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:15828
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:16524
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:17181
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:18219
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:20181
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:21885
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:22019
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9526
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0934
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-6020
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2372512
- cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-577017.html
- github.com https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.