A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Cert Manager
  • Confidential Compute Attestation
  • Discovery
  • Enterprise Linux
  • Insights Proxy
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
  • Webterminal

No data.

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-24657 A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Fixes

Solution

No solution given by the vendor.

Workaround

Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:14557 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15099 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15100 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15101 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15102 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15103 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15104 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15105 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15106 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15107 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15709 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15827 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15828 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:16524 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:17181 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18219 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-8941 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2388220 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-8941 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-8941 cve-icon
History

Thu, 06 Nov 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Thu, 16 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cert Manager
CPEs cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products Redhat cert Manager
References

Wed, 08 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Fri, 03 Oct 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 23 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Thu, 11 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat confidential Compute Attestation
CPEs cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products Redhat confidential Compute Attestation
References

Wed, 03 Sep 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:9		 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_eus:9.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
References

Wed, 03 Sep 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Wed, 03 Sep 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 01 Sep 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8::baseos
References

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 13 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Title Linux-pam: incomplete fix for cve-2025-6020
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-22
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-06T22:03:56.722Z

Reserved: 2025-08-13T12:24:47.522Z

Link: CVE-2025-8941

cve-icon Vulnrichment

Updated: 2025-08-13T14:50:43.534Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-13T15:15:41.873

Modified: 2025-11-06T22:15:44.947

Link: CVE-2025-8941

cve-icon Redhat

Severity : Important

Publid Date: 2025-08-13T00:00:00Z

Links: CVE-2025-8941 - Bugzilla

cve-icon OpenCVE Enrichment

No data.