A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Fixes

Solution

No solution given by the vendor.


Workaround

Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.

History

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Thu, 11 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat confidential Compute Attestation
CPEs cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products Redhat confidential Compute Attestation
References

Wed, 03 Sep 2025 03:15:00 +0000

Type Values Removed Values Added
References

Tue, 26 Aug 2025 03:15:00 +0000

Type Values Removed Values Added
References

Mon, 21 Jul 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Thu, 17 Jul 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhosemc
CPEs cpe:/a:redhat:rhosemc:1.0::el8
Vendors & Products Redhat rhosemc
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00023}

epss

{'score': 0.00018}


Thu, 10 Jul 2025 20:00:00 +0000

Type Values Removed Values Added
References

Wed, 09 Jul 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:3.6::el8
Vendors & Products Redhat openshift Distributed Tracing
References

Mon, 07 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/o:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_aus:8.4
cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_e4s:8.8
cpe:/o:redhat:rhel_tus:8.6
cpe:/o:redhat:rhel_tus:8.8

Mon, 07 Jul 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
References

Wed, 02 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2

Wed, 02 Jul 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
Vendors & Products Redhat rhel E4s
References

Wed, 02 Jul 2025 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4
cpe:/o:redhat:enterprise_linux:8

Tue, 01 Jul 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8::baseos
References

Tue, 01 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Wed, 25 Jun 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Tue, 24 Jun 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 18 Jun 2025 15:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 17 Jun 2025 16:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Title Linux-pam: linux-pam directory traversal
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-22
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-16T13:43:21.487Z

Reserved: 2025-06-11T22:38:25.643Z

Link: CVE-2025-6020

cve-icon Vulnrichment

Updated: 2025-06-17T16:03:33.413Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-17T13:15:21.660

Modified: 2025-09-15T18:15:39.720

Link: CVE-2025-6020

cve-icon Redhat

Severity : Important

Publid Date: 2025-06-17T00:00:00Z

Links: CVE-2025-6020 - Bugzilla

cve-icon OpenCVE Enrichment

No data.