How to fix CVE-2025-6020?

Within 24 hours: Audit systems running vulnerable PAM versions and identify which have untrusted local users. Restrict local account access where feasible and review privileged account activity logs. Within 7 days: Implement enhanced monitoring for symlink manipulation and PAM-related privilege escalation attempts; prepare patching procedures and test in non-production environments. Within 30 days: Apply vendor patch immediately upon release; if no patch becomes available, implement permanent compensating controls and establish timeline for OS upgrade or migration.

Is Redhat affected by CVE-2025-6020?

CVE-2025-6020 is a privilege escalation vulnerability in Linux PAM that allows local users to gain root access through symlink attacks and race conditions.

CVE-2025-6020

EUVD-2025-19056 HIGH

2025-06-17 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-19056

CVE Published

Jun 17, 2025 - 13:15 nvd

HIGH 7.8

Description

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Analysis

A privilege escalation vulnerability in A flaw (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Technical Context

CWE-22 (Path Traversal). CVSS 7.8 indicates high severity. Affects A flaw.

Affected Products

['A flaw']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

Vendor Status

Ubuntu

Priority: Medium

pam

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
upstream	needs-triage	-
jammy	released	1.4.0-11ubuntu2.6
noble	released	1.5.3-5ubuntu5.4
oracular	released	1.5.3-7ubuntu2.3
plucky	released	1.5.3-7ubuntu4.3
questing	released	1.5.3-7ubuntu6

USN-7580-1

Debian

Bug #1107919

pam

Release	Status	Fixed Version	Urgency
bullseye	fixed	1.4.0-9+deb11u2	-
bullseye (security)	fixed	1.4.0-9+deb11u2	-
bookworm	fixed	1.5.2-6+deb12u2	-
forky, sid, trixie	fixed	1.7.0-5	-
experimental	fixed	1.7.0-4	-
(unstable)	fixed	1.7.0-5	-

DLA-4306-1

CVE-2025-6020 vulnerability details – vuln.today

Back

CVE-2025-6020

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-6020

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code