CVE-2025-8941 - Vulnerability Details

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Confidential Compute Attestation Discovery Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-24657	A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Fixes

Solution

No solution given by the vendor.

Workaround

Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:14557
https://access.redhat.com/errata/RHSA-2025:15099
https://access.redhat.com/errata/RHSA-2025:15100
https://access.redhat.com/errata/RHSA-2025:15101
https://access.redhat.com/errata/RHSA-2025:15102
https://access.redhat.com/errata/RHSA-2025:15103
https://access.redhat.com/errata/RHSA-2025:15104
https://access.redhat.com/errata/RHSA-2025:15105
https://access.redhat.com/errata/RHSA-2025:15106
https://access.redhat.com/errata/RHSA-2025:15107
https://access.redhat.com/errata/RHSA-2025:15709
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:16524
https://access.redhat.com/security/cve/CVE-2025-8941
https://bugzilla.redhat.com/show_bug.cgi?id=2388220
https://nvd.nist.gov/vuln/detail/CVE-2025-8941
https://www.cve.org/CVERecord?id=CVE-2025-8941

History

Wed, 08 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Fri, 03 Oct 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Tue, 23 Sep 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2025:16524

Mon, 15 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:webterminal:1.12::el9
References		https://access.redhat.com/errata/RHSA-2025:15827

Mon, 15 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat webterminal
CPEs		cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products		Redhat webterminal
References		https://access.redhat.com/errata/RHSA-2025:15828

Thu, 11 Sep 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat confidential Compute Attestation
CPEs		cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products		Redhat confidential Compute Attestation
References		https://access.redhat.com/errata/RHSA-2025:15709

Wed, 03 Sep 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs	cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_els:7 cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:15099 https://access.redhat.com/errata/RHSA-2025:15101 https://access.redhat.com/errata/RHSA-2025:15102 https://access.redhat.com/errata/RHSA-2025:15103 https://access.redhat.com/errata/RHSA-2025:15105 https://access.redhat.com/errata/RHSA-2025:15106

Wed, 03 Sep 2025 01:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:15104 https://access.redhat.com/errata/RHSA-2025:15107

Wed, 03 Sep 2025 01:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:15100

Mon, 01 Sep 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:14557

Thu, 14 Aug 2025 06:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://www.cve.org/CVERecord?id=CVE-2025-8941
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 13 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Title		Linux-pam: incomplete fix for cve-2025-6020
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-22
CPEs		cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-08-13T14:42:37.570Z

Updated: 2025-10-08T14:03:51.752Z

Reserved: 2025-08-13T12:24:47.522Z

Link: CVE-2025-8941

Vulnrichment

Updated: 2025-08-13T14:50:43.534Z

NVD

Status : Awaiting Analysis

Published: 2025-08-13T15:15:41.873

Modified: 2025-09-23T20:15:33.927

Link: CVE-2025-8941

Redhat

Severity : Important

Publid Date: 2025-08-13T00:00:00Z

Links: CVE-2025-8941 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object