Home > Vulnerability Database > CVE-2025-23013

Mend.io Vulnerability Database

CVE-2025-23013

Date: January 14, 2025

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

Severity Score

7.8

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23013

Url: http://www.openwall.com/lists/oss-security/2025/01/15/1

Url: https://www.yubico.com/support/security-advisories/ysa-2025-01/

Url: http://www.openwall.com/lists/oss-security/2025/01/16/4

Url: http://www.openwall.com/lists/oss-security/2025/01/16/5

Url: http://www.openwall.com/lists/oss-security/2025/01/16/2

Url: http://www.openwall.com/lists/oss-security/2025/01/16/3

Url: https://lists.debian.org/debian-lts-announce/2025/02/msg00001.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-23013

Severity Score

7.8

Weakness Type (CWE)

Unexpected Status Code or Return Value

CWE-394

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23013

Date: January 14, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?