CVE-2025-8941

HIGH

Red Hat Enterprise Linux 7 Extended Lifecycle Support - Privilege Escalation via pam_namespace Symlink Attack

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-8941. PoCs published by GhoStZA-debug, N3k0t-dev.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2025-11953, a critical OS command injection vulnerability in React Native Community CLI Metro Development Server. The exploit includes both basic and advanced payloads, along with a Python framework for interactive command execution and reverse shell deployment.

Description

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Exploits (2)

github WORKING POC 1 stars

by GhoStZA-debug · poc

https://github.com/GhoStZA-debug/PoC-CVE-collection

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2025-11953, a critical OS command injection vulnerability in React Native Community CLI Metro Development Server. The exploit includes both basic and advanced payloads, along with a Python framework for interactive command execution and reverse shell deployment.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: React Native Community CLI Metro Development Server (versions 4.8.0 - 20.0.0-alpha.2)

No auth needed

Prerequisites: Access to the Metro server on port 8081 · Network connectivity to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 01, 2026 Full analysis →

github WORKING POC 1 stars

by N3k0t-dev · pythonpoc

https://github.com/N3k0t-dev/PoC-CVE-collection

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-11953, a critical command injection vulnerability in React Native Community CLI Metro Development Server. The exploit includes both basic and advanced payloads, with a Python framework for interactive command execution and reverse shell deployment.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: react-native-community/cli-server-api versions 4.8.0 to 20.0.0-alpha.2

No auth needed

Prerequisites: Access to the Metro Development Server on port 8081

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (19)

Core 19

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:14557

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15099

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15100

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15101

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15102

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15103

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15104

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15105

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15106

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15107

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15709

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15827

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15828

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:16524

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17181

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:18219

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:21885

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-8941

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2388220

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 16.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (25)

Red Hat/cert-manager operator for Red Hat OpenShift 1.16 sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323

Red Hat/Compliance Operator 1 sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628

Red Hat/Red Hat Discovery 2 sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.1.8-23.el7_9.2

Red Hat/Red Hat Enterprise Linux 8 0:1.3.1-38.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:1.3.1-8.el8_2.2

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:1.3.1-14.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 0:1.3.1-14.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 0:1.3.1-16.el8_6.3

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 0:1.3.1-16.el8_6.3

... and 15 more

Published Aug 13, 2025

Tracked Since Feb 18, 2026