CVE-2025-6018
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-11-04
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suse | pam-config | 1.1.8-24.71.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local Privilege Escalation (LPE) flaw in pam-config within Linux Pluggable Authentication Modules (PAM). It allows an unprivileged local attacker, such as a user logged in via SSH, to gain elevated privileges that are normally reserved for physically present users with 'allow_active' status. Essentially, the attacker can perform actions typically restricted to console users, bypassing normal privilege restrictions.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with local access can escalate their privileges to perform all 'allow_active yes' Polkit actions. This means they could gain unauthorized control over system configurations, services, or other sensitive operations, potentially compromising the security and integrity of the affected system.