CVE-2025-6020

EPSS 0.03%
Veröffentlicht 17.06.2025 12:44:08
Zuletzt bearbeitet 25.11.2025 11:15:48
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 32

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/linux-pam/linux-pam

≫

Paket linux-pam

Default Statusunaffected

Version < 1.7.1

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:1.6.1-8.el10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10.0 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.6.1-8.el10_0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:1.1.8-23.el7_9.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.3.1-37.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.3.1-38.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-8.el8_2.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-14.el8_4.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.3.1-26.el8_8.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.3.1-26.el8_8.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-26.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-25.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-26.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-25.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.5.1-9.el9_0.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.5.1-15.el9_2.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.5.1-24.el9_4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-19

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.12 on RHEL 9

Default Statusaffected

Version < *

Version 1.12-4

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752066672

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065732

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065732

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-3.1752065737

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065731

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-25

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065736

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-2.1752065733

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065755

Status unaffected

HerstellerRed Hat

≫

Produkt cert-manager operator for Red Hat OpenShift 1.16

Default Statusaffected

Version < *

Version sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2

Status unaffected

HerstellerRed Hat

≫

Produkt Compliance Operator 1

Default Statusaffected

Version < *

Version sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Insights proxy 1.5

Default Statusaffected

Version < *

Version sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:40535c017d2730645c57c44b32b4df1613585cc19c052fe472ccbf543a659c42

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:39378c1e705973edca5f52f422b5c3693aaf5d2f22fb320d7676086b2cf846ba

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:46090c79b193de2028b4c994d3013fec7102f3b10673ecd09b017be4de7bf9f6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:34851d4dd94a887b27d0937a1238d09ac370b4ec06382fe880796dac86c4aa3e

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:b1995ead9af6e923bd55ebdbed4c371b7f8bb58c46d6a36e9a25f9296f09a3f4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:2a37885dbd9735167854119a546f9ce1b37454a2b57d283fbd8da890c01db767

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:c34a7574e3c6af4c82bee38e581d047613f8931c12d89924764f46b565bf3117

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:9eaae087bccf2cedfea26d1c0235cfbbe227f9b8f1eda67dc0b33441e319eb85

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:cbfcac41c1bd3a06e874433089e231dfd2a944dee139906d9949e2d68b71cfc3

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://access.redhat.com/security/cve/CVE-2025-6020

https://bugzilla.redhat.com/show_bug.cgi?id=2372512

http://www.openwall.com/lists/oss-security/2025/06/17/1

https://access.redhat.com/errata/RHSA-2025:9526

https://access.redhat.com/errata/RHSA-2025:10024

https://access.redhat.com/errata/RHSA-2025:10027

https://access.redhat.com/errata/RHSA-2025:10180

https://access.redhat.com/errata/RHSA-2025:10354

https://access.redhat.com/errata/RHSA-2025:10357

https://access.redhat.com/errata/RHSA-2025:10358

https://access.redhat.com/errata/RHSA-2025:10359

https://access.redhat.com/errata/RHSA-2025:10361