Skip to main content
CVE-2025-6018 HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-8020 HIGH This Week

Server-Side Request Forgery (SSRF) in the private-ip npm package allows remote unauthenticated attackers to bypass IP filtering by providing multicast addresses (224.0.0.0/4) that the library incorrectly validates as safe, enabling access to internal network resources. This affects all versions of the package with a CVSS 4.0 score of 7.8 (High) and proof-of-concept exploit code is publicly available per the E:P metric. Organizations using private-ip for server-side request validation are at immediate risk of internal network reconnaissance and data exfiltration.

SSRF
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2025-46099 HIGH This Week

Arbitrary command execution in Pluck CMS 4.7.20-dev lets an authenticated administrator upload a crafted PHP file into the albums module directory and then invoke it through the routing logic in albums.site.php, passing OS commands via a GET parameter. The flaw stems from unrestricted file upload (CWE-434) combined with the module directory being directly web-accessible and PHP-executable, turning legitimate album management into a code-execution primitive. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, with a low EPSS probability of 0.51% (40th percentile).

PHP File Upload Pluck
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy