CVE-2025-8941
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-20
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | insights_proxy | * |
| redhat | open_shift | * |
| redhat | enterprise_linux | 8 |
| redhat | enterprise_linux | 8.2 |
| redhat | enterprise_linux | 9.2 |
| redhat | enterprise_linux | 8.6 |
| redhat | cert-manager_operator | 1.16.0 |
| redhat | linux-pam | * |
| redhat | enterprise_linux | 9.4 |
| redhat | enterprise_linux | 8.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the linux-pam pam_namespace module where it improperly handles user-controlled paths. This allows local users to exploit symlink attacks and race conditions to escalate their privileges to root. It is an incomplete fix of a previous vulnerability (CVE-2025-6020) and the current CVE-2025-8941 provides a complete fix addressing these issues. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local user to escalate their privileges to root, potentially gaining full control over the affected Linux system. This can lead to unauthorized access, modification, or destruction of data and system resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the comprehensive patch provided for CVE-2025-8941 to fully mitigate the symlink and race-condition issues in the pam_namespace module. This patch resolves the privilege escalation vulnerability and secures the system. Prioritize updating your Linux-PAM package to the fixed version as soon as possible. [1]