CVE-2025-6020

Linux-pam: linux-pam directory traversal

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

An update for pam is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

*Credits: Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2025-06-11 CVE Reserved
2025-06-17 CVE Published
2025-08-24 EPSS Updated
2025-08-26 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (17)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2025-6020	2025-06-17
https://bugzilla.redhat.com/show_bug.cgi?id=2372512	2025-06-17
https://access.redhat.com/errata/RHSA-2025:10024	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10027	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10180	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10354	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10357	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10358	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10359	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10361	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10362	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10735	2025-08-26
https://access.redhat.com/errata/RHSA-2025:10823	2025-08-26
https://access.redhat.com/errata/RHSA-2025:11386	2025-08-26
https://access.redhat.com/errata/RHSA-2025:11487	2025-08-26
https://access.redhat.com/errata/RHSA-2025:14557	2025-08-26
https://access.redhat.com/errata/RHSA-2025:9526	2025-08-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				*		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected