CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-6018

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.0%

CVSS Severity

CVSS v3 Score 7.8

References

https://access.redhat.com/security/cve/CVE-2025-6018
https://bugzilla.redhat.com/show_bug.cgi?id=2372693
https://bugzilla.suse.com/show_bug.cgi?id=1243226
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

Products affected by CVE-2025-6018

Suse » Pam-Config » Version: 1.1.8-24.71.1

cpe:2.3:a:suse:pam-config:1.1.8-24.71.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6018

Products

Pricing

Contact Us