Sign In

CVE-2025-6020

ADVISORY - debian

Summary

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

[experimental] - pam 1.7.0-4

EPSS Score: 0.00023 (0.044)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

Debian

CREATED

UPDATED

ADVISORY IDCVE-2025-6020
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
PackageTypeOS NameOS VersionAffected RangesFix Versions
debian/pamdebdebian12>=1.5.2-6+deb12u1Not yet available
debian/pamdebdebian13<1.7.0-51.7.0-5
debian/pamdebdebian11>=1.4.0-9+deb11u1Not yet available
debian/pamdebdebianunstable<1.7.0-51.7.0-5

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-6020
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-22

CVSS SCORE

7.8high

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2025-6020
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2025:10027
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

UPDATED

ADVISORY IDALSA-2025:9526
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2025-10027
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2025-9526
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh