Skip to main content

Pam Config

1 CVEs product

Monthly

CVE-2025-6018 HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
1.0%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.

Authentication Bypass Privilege Escalation Pam Config
NVD Exploit-DB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy