Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-6018

Опубликовано: 23 июл. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.8

Описание

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

РелизСтатусПримечание
devel

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
jammy

not-affected

code not present
noble

not-affected

code not present
oracular

not-affected

code not present
plucky

not-affected

code not present
upstream

needs-triage

Показывать по

EPSS

Процентиль: 34%
0.00131
Низкий

7.8 High

CVSS3

Связанные уязвимости

CVSS3: 7.8
redhat
около 2 месяцев назад

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

CVSS3: 7.8
nvd
14 дней назад

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

CVSS3: 7.8
debian
14 дней назад

A Local Privilege Escalation (LPE) vulnerability has been discovered i ...

suse-cvrf
около 1 месяца назад

Security update for pam-config

suse-cvrf
около 1 месяца назад

Security update for pam-config

EPSS

Процентиль: 34%
0.00131
Низкий

7.8 High

CVSS3