Home > Vulnerability Database > CVE-2025-24531

Mend.io Vulnerability Database

CVE-2025-24531

Good to know:

Date: January 15, 2026

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.

Severity Score

6.7

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24531

Url: https://seclists.org/oss-sec/2025/q1/109

Url: https://github.com/OpenSC/pam_pkcs11/releases

Url: https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-7mf6-rg36-qgch

Url: http://www.openwall.com/lists/oss-security/2025/02/06/7

Url: https://www.openwall.com/lists/oss-security/2025/02/06/3

Url: http://www.openwall.com/lists/oss-security/2025/02/06/3

Url: https://www.mend.io/vulnerability-database/CVE-2025-24531

Severity Score

6.7

Weakness Type (CWE)

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Return of Wrong Status Code

CWE-393

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24531

Good to know:

Date: January 15, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?