CVE-2025-8941Path Traversal in PAM

CWE-22Path Traversal5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian PAM
Timeline
PublishedAug 13

Description

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

debiandebian/pam

🔴Vulnerability Details

2
GHSA
GHSA-hqqx-rjqh-53c2: A flaw was found in linux-pam2025-08-13
OSV
CVE-2025-8941: A flaw was found in linux-pam2025-08-13

📋Vendor Advisories

2
Red Hat
linux-pam: Incomplete fix for CVE-2025-60202025-08-13
Debian
CVE-2025-8941: pam - A flaw was found in linux-pam. The pam_namespace module may improperly handle us...2025