216.73.216.170

CVE-2025-6018

· Published 23/07/2025 15:15 · Modified 23/07/2025 15:15

Labels: CVE-2025-6018 2025-07-23CVE-2025-6018CWE-863[email protected]

Essential information

Published
23/07/2025 15:15
Modified
23/07/2025 15:15
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
redhat / pam cpe:2.3:a:redhat:pam:*:*:*:*:*:*:*:*

References