CVE-2025-6020

HIGH

Red Hat Enterprise Linux - Privilege Escalation via pam_namespace Symlink Race Condition


Description

A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

References (32)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10024
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10027
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10180
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10354
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10357
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10358
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10359
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10361
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10362
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10735
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:10823
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:11386
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:11487
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:14557
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15099
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15709
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15827
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15828
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:16524
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:17181
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:18219
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:20181
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:21885
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22019
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9526
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0934
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-6020
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2372512

Scores

CVSS v3 7.8
EPSS 0.0007
EPSS Percentile 21.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (50)
Red Hat/cert-manager operator for Red Hat OpenShift 1.16 sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b
Red Hat/cert-manager operator for Red Hat OpenShift 1.16 sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323
Red Hat/Compliance Operator 1 sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049
Red Hat/Compliance Operator 1 sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628
Red Hat/OpenShift Compliance Operator 1 sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049
Red Hat/Red Hat Discovery 2 sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda
Red Hat/Red Hat Discovery 2 sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de
Red Hat/Red Hat Discovery 2 sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3
Red Hat/Red Hat Discovery 2 sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083
Red Hat/Red Hat Enterprise Linux 10 0:1.6.1-8.el10
... and 40 more
Published Jun 17, 2025
Tracked Since Feb 18, 2026