Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-6018Incorrect Authorization in Pam-config

CWE-863Incorrect Authorization7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 79.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Suse Pam-configDebian PAM
Timeline
PublishedJul 23
Latest updateJul 28

Description

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized con

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsuse/pam-config1.1.8-24.71.1
debiandebian/pam

🔴Vulnerability Details

1
GHSA
GHSA-cg9q-xmf9-7r6w: A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM)2025-07-23

💥Exploits & PoCs

1
Exploit-DB
Linux PAM Environment - Variable Injection Local Privilege Escalation2025-07-28

📋Vendor Advisories

2
Red Hat
pam-config: LPE from unprivileged to allow_active in PAM2025-06-17
Debian
CVE-2025-6018: pam - A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-conf...2025

🕵️Threat Intelligence

2
Qualys
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks | Qualys2025-06-17
Qualys
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks2025-06-17
CVE-2025-6018 — Incorrect Authorization in Pam-config | cvebase