Skip to main content

SUSE pam-config CVE-2025-6018

HIGH
Incorrect Authorization (CWE-863)
2025-07-23 secalert@redhat.com
7.8
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Requires an existing unprivileged local/SSH session (PR:L, AV:L), runs without interaction at low complexity, and yields high C/I/A via allow_active escalation.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
7.8 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 25, 2026 - 03:30 vuln.today
CVE Published
Jul 23, 2025 - 15:15 cve.org
HIGH 7.8

DescriptionCVE.org

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

AnalysisAI

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Technical ContextAI

PAM (Pluggable Authentication Modules) is the framework Linux uses to establish session credentials, and pam_systemd/systemd-logind records session properties such as whether a session is "active" and tied to a local seat. Polkit (PolicyKit) consults logind to decide whether a caller is an allow_active subject - a privileged class intended for users physically at the console. The root cause is CWE-863 (Incorrect Authorization): SUSE's pam-config default stack assigns the allow_active/seat-bound session attributes to sessions that are not genuinely local console sessions (e.g., SSH logins), so logind reports remote users as active. CPE confirms the affected component is cpe:2.3:a:suse:pam-config:1.1.8-24.71.1, i.e., the distribution's PAM configuration package rather than upstream PAM source code.

RemediationAI

Apply the SUSE-released pam-config updates for SUSE Linux Enterprise 15 and openSUSE Leap as referenced in SUSE Bugzilla 1243226 (https://bugzilla.suse.com/show_bug.cgi?id=1243226) and patch the chained udisks component (CVE-2025-6019) at the same time, since the two together yield root - no single exact fixed version string is given in the provided data beyond the vulnerable 1.1.8-24.71.1 build, so update to the latest vendor-provided pam-config package. As an interim compensating control, review and tighten the Polkit allow_active rules so sensitive actions are not granted to active sessions (set the relevant org.freedesktop.* actions' allow_active to auth_admin), which closes the abuse path at the cost of prompting legitimate console users for authentication; alternatively, restrict or audit SSH access to trusted users to shrink the pool of local attackers, accepting the operational overhead. Verify remediation against the Qualys advisory (https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt).

Vendor StatusVendor

SUSE

Severity: Important
Product Status
Container bci/kiwi:9.24.43-16.13 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.1.7.26.2 Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.5.1.6.26.1 Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.0.6.40 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-EC2 Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Image server-hub-xmlrpc-api-image Image server-image Image server-image-sles15sp7 Affected
Container bci/spack:0.23.1-11.3 Container containers/lmcache-vllm-openai:0.3.2-1.2 Container containers/milvus:2.4.6-7.132 Container containers/ollama:0.6.8-10.23 Container containers/open-webui-mcpo:0.0.17-1.1 Container containers/open-webui:0.6.9-10.15 Container containers/vllm-openai:0.9.1-1.2 Container private-registry/1.2/harbor-core:1.2.0-1.8 Container private-registry/1.2/harbor-exporter:1.2.0-1.8 Container private-registry/1.2/harbor-jobservice:1.2.0-1.8 Container private-registry/1.2/harbor-portal:1.2.0-1.8 Container private-registry/1.2/harbor-registry:1.2.0-1.8 Container private-registry/1.2/harbor-registryctl:1.2.0-1.8 Container private-registry/1.2/harbor-trivy-adapter:1.2.0-1.8 Container private-registry/harbor-core:1.1.0-1.1 Container private-registry/harbor-db:2.12.2-2.16 Container private-registry/harbor-exporter:1.1.0-1.1 Container private-registry/harbor-jobservice:1.1.0-1.1 Container private-registry/harbor-nginx:1.21.5-2.15 Container private-registry/harbor-portal:1.1.0-1.1 Container private-registry/harbor-registry:1.1.0-1.1 Container private-registry/harbor-registryctl:1.1.0-1.1 Container private-registry/harbor-trivy-adapter:1.1.0-1.1 Container private-registry/harbor-valkey:8.0.2-2.17 Container suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.45 Container suse/manager/4.3/proxy-squid:4.3.15.9.62.25 Container suse/manager/4.3/proxy-ssh:4.3.15.9.53.25 Container suse/manager/5.0/x86_64/proxy-salt-broker:5.0.5.1.7.28.2 Container suse/manager/5.0/x86_64/proxy-squid:5.0.5.1.7.26.1 Container suse/manager/5.0/x86_64/proxy-ssh:5.0.5.1.7.26.1 Container suse/manager/5.0/x86_64/server-migration-14-16:5.0.4.1.7.20.1 Container suse/mariadb-client:10.11.11-60.4 Container suse/mariadb:10.11.11-67.4 Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.0.6.20 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.2.6.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Container suse/sle-micro/5.1/toolbox:14.2-3.13.133 Container suse/sle-micro/5.2/toolbox:14.2-7.11.135 Container suse/sle-micro/5.3/toolbox:14.2-6.11.142 Container suse/sle-micro/5.4/toolbox:14.2-5.19.142 Container suse/sle-micro/5.5/toolbox:14.2-3.12.46 Image ai_15_6 Image monitoring-alertmanager-image Image monitoring-blackbox_exporter-image Image monitoring-grafana-image Image monitoring-prometheus-image Image pr_15_6 Image pr_15_7 Image proxy-httpd-image Image proxy-salt-broker-image Image proxy-squid-image Image proxy-ssh-image Image server-database-migration-image Image server-migration-14-16-image Image server-saline-image Affected
Container suse/manager/4.3/proxy-httpd:4.3.15.9.63.40 Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:5.4.4.5.9 Container suse/sle-micro/5.5:2.0.4-5.5.313 Container suse/sle-micro/base-5.5:2.0.4-5.8.180 Container suse/sle-micro/kvm-5.5:2.0.4-3.5.344 Container suse/sle-micro/rt-5.5:2.0.4-4.5.412 Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-CHOST-BYOS Image SLES15-SP4-CHOST-BYOS-Aliyun Image SLES15-SP4-CHOST-BYOS-Azure Image SLES15-SP4-CHOST-BYOS-EC2 Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-SAP-CCloud Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Micro-5-3 Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-3-BYOS-EC2 Image SLES15-SP4-Micro-5-3-BYOS-GCE Image SLES15-SP4-Micro-5-3-EC2 Image SLES15-SP4-Micro-5-4 Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS-EC2 Image SLES15-SP4-Micro-5-4-BYOS-GCE Image SLES15-SP4-Micro-5-4-EC2 Image SLES15-SP4-Micro-5-4-GCE Image SLES15-SP4-SAP Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-EC2 Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-EC2 Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAPCAL Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-EC2 Image SLES15-SP4-SAPCAL-GCE Image SLES15-SP5-Azure-3P Image SLES15-SP5-Azure-Basic Image SLES15-SP5-Azure-Standard Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-Aliyun Image SLES15-SP5-CHOST-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-EC2 Image SLES15-SP5-CHOST-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-GDC Image SLES15-SP5-CHOST-BYOS-SAP-CCloud Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-Azure Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Manager-Proxy-5-0-BYOS Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0 Image SLES15-SP5-Manager-Server-5-0-Azure-llc Image SLES15-SP5-Manager-Server-5-0-Azure-ltd Image SLES15-SP5-Manager-Server-5-0-BYOS Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2 Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE Image SLES15-SP5-Manager-Server-5-0-EC2-llc Image SLES15-SP5-Manager-Server-5-0-EC2-ltd Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-BYOS-EC2 Image SLES15-SP5-Micro-5-5-BYOS-GCE Image SLES15-SP5-Micro-5-5-EC2 Image SLES15-SP5-Micro-5-5-GCE Image SLES15-SP5-SAP-Azure-3P Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP5-SAP-BYOS-Azure Image SLES15-SP5-SAP-BYOS-EC2 Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-EC2 Image SLES15-SP5-SAPCAL-GCE Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.65 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.32 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.56 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.66 Image SL-Micro Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.18 Affected

Share

CVE-2025-6018 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy