{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6020", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-11T22:38:25.643Z", "datePublished": "2025-06-17T12:44:08.646Z", "dateUpdated": "2025-08-26T13:43:27.068Z"}, "containers": {"cna": {"title": "Linux-pam: linux-pam directory traversal", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1", "versionType": "semver"}], "packageName": "linux-pam", "collectionURL": "https://github.com/linux-pam/linux-pam", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.1.8-23.el7_9.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-37.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-38.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-8.el8_2.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-14.el8_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-26.el8_8.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.3.1-26.el8_8.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-25.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-25.el9_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-9.el9_0.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-15.el9_2.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "versions": [{"version": "0:1.5.1-24.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752066672", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-businesscentral-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752065732", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-controller-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752065732", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-dashbuilder-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-3.1752065737", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-kieserver-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752065731", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "7.13.5-25", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-process-migration-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752065736", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "7.13.5-2.1752065733", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhpam-7/rhpam-smartrouter-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.13.5-4.1752065755", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Discovery 2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/discovery/discovery-server-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:discovery:2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:1faa5daf085b0844740653d96711b3fcfa766a77224fb523335d877b8e314b57", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:c18d414518b1eaed33a17a13f6c0273ab14405dd9569c169e6839026330e0895", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:46090c79b193de2028b4c994d3013fec7102f3b10673ecd09b017be4de7bf9f6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:3e188c2073ae9099a3057c55d9366b6d1ec290b0016afa85f632c00cc4b778fa", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-gateway-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:3d281c9d7fe151c35605aac57a95fec699d20ecea6f4a5ea5b8cdc26a8808695", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:2a37885dbd9735167854119a546f9ce1b37454a2b57d283fbd8da890c01db767", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-query-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:8f2da1e0fc45a36cffbe91f9a1c4449eb0c71671865b7194951ad727c9f7b064", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-rhel8", "defaultStatus": "affected", "versions": [{"version": "sha256:9eaae087bccf2cedfea26d1c0235cfbbe227f9b8f1eda67dc0b33441e319eb85", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "registry.redhat.io/rhosdt/tempo-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:cbfcac41c1bd3a06e874433089e231dfd2a944dee139906d9949e2d68b71cfc3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10024", "name": "RHSA-2025:10024", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10027", "name": "RHSA-2025:10027", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10180", "name": "RHSA-2025:10180", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10354", "name": "RHSA-2025:10354", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10357", "name": "RHSA-2025:10357", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10358", "name": "RHSA-2025:10358", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10359", "name": "RHSA-2025:10359", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10361", "name": "RHSA-2025:10361", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10362", "name": "RHSA-2025:10362", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10735", "name": "RHSA-2025:10735", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10823", "name": "RHSA-2025:10823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11386", "name": "RHSA-2025:11386", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11487", "name": "RHSA-2025:11487", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14557", "name": "RHSA-2025:14557", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9526", "name": "RHSA-2025:9526", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6020", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512", "name": "RHBZ#2372512", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-06-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "workarounds": [{"lang": "en", "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."}], "timeline": [{"lang": "en", "time": "2025-06-12T16:33:01.214000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-26T02:58:42.585Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T13:30:00.379966Z", "id": "CVE-2025-6020", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T13:43:27.068Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-17T16:03:33.413Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-17T16:03:33.413Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-17T13:30:00.379966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T13:30:18.921Z"}}], "cna": {"title": "Linux-pam: linux-pam directory traversal", "credits": [{"lang": "en", "value": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1", "versionType": "semver"}], "packageName": "linux-pam", "collectionURL": "https://github.com/linux-pam/linux-pam", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "0:1.1.8-23.el7_9.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.3.1-37.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.3.1-38.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:1.3.1-8.el8_2.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:1.3.1-14.el8_4.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos", "cpe:/o:redhat:rhel_e4s:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.3.1-16.el8_6.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:1.3.1-26.el8_8.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.8::baseos", "cpe:/o:redhat:rhel_tus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.3.1-26.el8_8.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-25.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.5.1-25.el9_6", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos", "cpe:/a:redhat:rhel_e4s:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.5.1-9.el9_0.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.2::appstream", "cpe:/o:redhat:rhel_e4s:9.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.5.1-15.el9_2.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:1.5.1-24.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752066672", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752065732", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-businesscentral-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752065732", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-controller-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-3.1752065737", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-dashbuilder-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752065731", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-kieserver-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-25", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752065736", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-process-migration-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-2.1752065733", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.13.5-4.1752065755", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhpam-7/rhpam-smartrouter-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:discovery:2::el9"], "vendor": "Red Hat", "product": "Red Hat Discovery 2", "versions": [{"status": "unaffected", "version": "sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/discovery/discovery-server-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:1faa5daf085b0844740653d96711b3fcfa766a77224fb523335d877b8e314b57", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:c18d414518b1eaed33a17a13f6c0273ab14405dd9569c169e6839026330e0895", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:46090c79b193de2028b4c994d3013fec7102f3b10673ecd09b017be4de7bf9f6", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:3e188c2073ae9099a3057c55d9366b6d1ec290b0016afa85f632c00cc4b778fa", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:3d281c9d7fe151c35605aac57a95fec699d20ecea6f4a5ea5b8cdc26a8808695", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-gateway-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:2a37885dbd9735167854119a546f9ce1b37454a2b57d283fbd8da890c01db767", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:8f2da1e0fc45a36cffbe91f9a1c4449eb0c71671865b7194951ad727c9f7b064", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-query-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:9eaae087bccf2cedfea26d1c0235cfbbe227f9b8f1eda67dc0b33441e319eb85", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3.6::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3.6.1", "versions": [{"status": "unaffected", "version": "sha256:cbfcac41c1bd3a06e874433089e231dfd2a944dee139906d9949e2d68b71cfc3", "lessThan": "*", "versionType": "rpm"}], "packageName": "registry.redhat.io/rhosdt/tempo-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-12T16:33:01.214000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-06-17T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:10024", "name": "RHSA-2025:10024", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10027", "name": "RHSA-2025:10027", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10180", "name": "RHSA-2025:10180", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10354", "name": "RHSA-2025:10354", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10357", "name": "RHSA-2025:10357", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10358", "name": "RHSA-2025:10358", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10359", "name": "RHSA-2025:10359", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10361", "name": "RHSA-2025:10361", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10362", "name": "RHSA-2025:10362", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10735", "name": "RHSA-2025:10735", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:10823", "name": "RHSA-2025:10823", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11386", "name": "RHSA-2025:11386", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:11487", "name": "RHSA-2025:11487", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:14557", "name": "RHSA-2025:14557", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:9526", "name": "RHSA-2025:9526", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-6020", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512", "name": "RHBZ#2372512", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."}], "descriptions": [{"lang": "en", "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-26T02:58:42.585Z"}, "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}}, "cveMetadata": {"cveId": "CVE-2025-6020", "state": "PUBLISHED", "dateUpdated": "2025-08-26T13:43:27.068Z", "dateReserved": "2025-06-11T22:38:25.643Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-17T12:44:08.646Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en linux-pam. El m\u00f3dulo pam_namespace puede acceder a rutas controladas por el usuario sin la protecci\u00f3n adecuada, lo que permite a los usuarios locales elevar sus privilegios a root mediante m\u00faltiples ataques de enlace simb\u00f3lico y condiciones de ejecuci\u00f3n."}], "id": "CVE-2025-6020", "lastModified": "2025-08-26T03:15:30.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-17T13:15:21.660", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10024"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10027"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10180"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10354"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10357"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10358"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10359"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10361"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10362"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10735"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:10823"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11386"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:11487"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:14557"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9526"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-6020"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/17/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:10357", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "pam-0:1.1.8-23.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10027", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "pam-0:1.3.1-37.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10362", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "pam-0:1.3.1-8.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10361", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "pam-0:1.3.1-14.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10359", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "pam-0:1.3.1-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10359", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "pam-0:1.3.1-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10359", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "pam-0:1.3.1-16.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10358", "cpe": "cpe:/o:redhat:rhel_tus:8.8", "package": "pam-0:1.3.1-26.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10358", "cpe": "cpe:/o:redhat:rhel_e4s:8.8", "package": "pam-0:1.3.1-26.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:9526", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "pam-0:1.5.1-25.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:9526", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "pam-0:1.5.1-25.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-24T00:00:00Z"}, {"advisory": "RHSA-2025:10354", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "pam-0:1.5.1-9.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10180", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "pam-0:1.5.1-15.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10024", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "pam-0:1.5.1-24.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10735", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:1faa5daf085b0844740653d96711b3fcfa766a77224fb523335d877b8e314b57", "product_name": "Red Hat OpenShift distributed tracing 3.6.1", "release_date": "2025-07-09T00:00:00Z"}, {"advisory": "RHSA-2025:10735", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:5bb83d0b9387f51291c3977d37aab8a19e978a7dccf3d72cae0dabb66bd26df4", "product_name": "Red Hat OpenShift distributed tracing 3.6.1", "release_date": "2025-07-09T00:00:00Z"}, {"advisory": "RHSA-2025:10735", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.6::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:f49a121a3d0ec81f510680cd47c552f82c48889f28d3f14037c582636085410a", "product_name": "Red Hat OpenShift distributed tracing 3.6.1", "release_date": "2025-07-09T00:00:00Z"}], "bugzilla": {"description": "linux-pam: Linux-pam directory Traversal", "id": "2372512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions."], "mitigation": {"lang": "en:us", "value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."}, "name": "CVE-2025-6020", "public_date": "2025-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6020\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6020"], "statement": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.", "threat_severity": "Important"}

{}