CVE-2025-6020
- Source
- https://cve.org/CVERecord?id=CVE-2025-6020
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6020.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-6020
- Aliases
-
- GHSA-f9p8-gjr4-j9gx
- Downstream
- Related
- Published
- 2025-06-17T12:44:08.646Z
- Modified
- 2026-06-26T11:56:03.189593157Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Linux-pam: linux-pam directory traversal
- Details
-
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6020.json", "cwe_ids": [ "CWE-22" ], "cna_assigner": "redhat" }- References
-
- http://www.openwall.com/lists/oss-security/2025/06/17/1
- https://access.redhat.com/downloads/content/package-browser/
- https://catalog.redhat.com/software/containers/
- https://cert-portal.siemens.com/productcert/html/ssa-577017.html
- https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html
- https://access.redhat.com/errata/RHSA-2025:10024
- https://access.redhat.com/errata/RHSA-2025:10027
- https://access.redhat.com/errata/RHSA-2025:10180
- https://access.redhat.com/errata/RHSA-2025:10354
- https://access.redhat.com/errata/RHSA-2025:10357
- https://access.redhat.com/errata/RHSA-2025:10358
- https://access.redhat.com/errata/RHSA-2025:10359
- https://access.redhat.com/errata/RHSA-2025:10361
- https://access.redhat.com/errata/RHSA-2025:10362
- https://access.redhat.com/errata/RHSA-2025:10735
- https://access.redhat.com/errata/RHSA-2025:10823
- https://access.redhat.com/errata/RHSA-2025:11386
- https://access.redhat.com/errata/RHSA-2025:11487
- https://access.redhat.com/errata/RHSA-2025:14557
- https://access.redhat.com/errata/RHSA-2025:15099
- https://access.redhat.com/errata/RHSA-2025:15709
- https://access.redhat.com/errata/RHSA-2025:15827
- https://access.redhat.com/errata/RHSA-2025:15828
- https://access.redhat.com/errata/RHSA-2025:16524
- https://access.redhat.com/errata/RHSA-2025:17181
- https://access.redhat.com/errata/RHSA-2025:18219
- https://access.redhat.com/errata/RHSA-2025:20181
- https://access.redhat.com/errata/RHSA-2025:21885
- https://access.redhat.com/errata/RHSA-2025:22019
- https://access.redhat.com/errata/RHSA-2025:9526
- https://access.redhat.com/errata/RHSA-2026:0934
- https://access.redhat.com/security/cve/CVE-2025-6020
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6020.json
- https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
- https://nvd.nist.gov/vuln/detail/CVE-2025-6020
- https://bugzilla.redhat.com/show_bug.cgi?id=2372512
- https://github.com/linux-pam/linux-pam
Affected packages
Git / github.com/linux-pam/linux-pam
Affected versions
Other
Linux-PAM-0-73
Linux-PAM-0-74
Linux-PAM-0-75
Linux-PAM-0-76
Linux-PAM-0-77
Linux-PAM-0-78
Linux-PAM-0-78-Beta1
Linux-PAM-0-79
Linux-PAM-0-80
Linux-PAM-0_99_10_0
Linux-PAM-0_99_1_0
Linux-PAM-0_99_2_0
Linux-PAM-0_99_2_1
Linux-PAM-0_99_3_0
Linux-PAM-0_99_4_0
Linux-PAM-0_99_5_0
Linux-PAM-0_99_6_0
Linux-PAM-0_99_6_1
Linux-PAM-0_99_6_2
Linux-PAM-0_99_6_3
Linux-PAM-0_99_7_0
Linux-PAM-0_99_7_1
Linux-PAM-0_99_8_0
Linux-PAM-0_99_8_1
Linux-PAM-0_99_9_0
Linux-PAM-1_0_0
Linux-PAM-1_0_90
Linux-PAM-1_0_91
Linux-PAM-1_0_92
Linux-PAM-1_1-branch
Linux-PAM-1_1_0
Linux-PAM-1_1_1
Linux-PAM-1_1_2
Linux-PAM-1_1_3
Linux-PAM-1_1_4
Linux-PAM-1_1_5
Linux-PAM-1_1_7
Linux-PAM-1_1_8
Linux-PAM-1_2_0
Linux-PAM-1_2_1
before_automake
help
pam_unix_refactor
Linux-PAM-1.*
Linux-PAM-1.3.0
v1.*
v1.1.4
v1.1.6
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.7.0