7.8
CVE-2025-6020
- EPSS 0.4%
- Veröffentlicht 17.06.2025 12:44:08
- Zuletzt bearbeitet 30.06.2026 11:16:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Linux-pam: linux-pam directory traversal
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1400
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1500
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1501
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1510
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1511
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1512
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1524
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1536
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://access.redhat.com/security/cve/CVE-2025-6020
https://bugzilla.redhat.com/show_bug.cgi?id=2372512
http://www.openwall.com/lists/oss-security/2025/06/17/1
https://access.redhat.com/errata/RHSA-2025:9526
https://access.redhat.com/errata/RHSA-2025:10024
https://access.redhat.com/errata/RHSA-2025:10027
https://access.redhat.com/errata/RHSA-2025:10180
https://access.redhat.com/errata/RHSA-2025:10354
https://access.redhat.com/errata/RHSA-2025:10357
https://access.redhat.com/errata/RHSA-2025:10358
https://access.redhat.com/errata/RHSA-2025:10359
https://access.redhat.com/errata/RHSA-2025:10361
https://access.redhat.com/errata/RHSA-2025:10362
https://access.redhat.com/errata/RHSA-2025:10735
https://access.redhat.com/errata/RHSA-2025:10823
https://access.redhat.com/errata/RHSA-2025:11386
https://access.redhat.com/errata/RHSA-2025:11487
https://access.redhat.com/errata/RHSA-2025:14557
https://access.redhat.com/errata/RHSA-2025:15099
https://access.redhat.com/errata/RHSA-2025:15709
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:16524
https://access.redhat.com/errata/RHSA-2025:18219
https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:20181
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:22019
https://access.redhat.com/errata/RHSA-2026:0934
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
https://cert-portal.siemens.com/productcert/html/ssa-577017.html