CVE-2025-6020 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-6020

CVE-2025-6020

June 17, 2025

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Affected Packages

https://github.com/linux-pam/linux-pam.git (GITHUB):

Affected version(s) >=v1.1.4 <v1.7.1

Fix Suggestion:

Update to version v1.7.1

Related Resources (32)

https://access.redhat.com/security/cve/CVE-2025-6020

https://access.redhat.com/errata/RHSA-2025:16524

https://access.redhat.com/errata/RHSA-2025:10357

https://access.redhat.com/errata/RHSA-2025:21885

https://access.redhat.com/errata/RHSA-2025:10362

https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html

https://access.redhat.com/errata/RHSA-2025:10180

https://access.redhat.com/errata/RHSA-2025:9526

https://access.redhat.com/errata/RHSA-2025:10358

https://access.redhat.com/errata/RHSA-2025:15828

https://access.redhat.com/errata/RHSA-2025:10361

https://access.redhat.com/errata/RHSA-2025:17181

https://access.redhat.com/errata/RHSA-2025:10024

https://access.redhat.com/errata/RHSA-2025:10359

https://security-tracker.debian.org/tracker/CVE-2025-6020

https://access.redhat.com/errata/RHSA-2025:22019

https://access.redhat.com/errata/RHSA-2025:15099

https://access.redhat.com/errata/RHSA-2026:0934

https://access.redhat.com/errata/RHSA-2025:11487

https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx

https://access.redhat.com/errata/RHSA-2025:20181

https://access.redhat.com/errata/RHSA-2025:15709

https://access.redhat.com/errata/RHSA-2025:10735

http://www.openwall.com/lists/oss-security/2025/06/17/1

https://bugzilla.redhat.com/show_bug.cgi?id=2372512

https://access.redhat.com/errata/RHSA-2025:15827

https://access.redhat.com/errata/RHSA-2025:18219

https://access.redhat.com/errata/RHSA-2025:10027

https://access.redhat.com/errata/RHSA-2025:10354

https://access.redhat.com/errata/RHSA-2025:14557

https://access.redhat.com/errata/RHSA-2025:11386

https://access.redhat.com/errata/RHSA-2025:10823

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools