7.8

CVE-2025-6020

A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL: https://github.com/linux-pam/linux-pam
Package: linux-pam
Default status: unaffected
Version: from 0 to before 1.7.1
Status: affected

| Vendor | Product | Default status | Version | Less than | Status |
|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | affected | 0:1.6.1-8.el10 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | affected | 0:1.6.1-8.el10_0 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | affected | 0:1.1.8-23.el7_9.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | affected | 0:1.3.1-37.el8_10 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | affected | 0:1.3.1-38.el8_10 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | affected | 0:1.3.1-8.el8_2.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | affected | 0:1.3.1-14.el8_4.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | affected | 0:1.3.1-16.el8_6.2 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | affected | 0:1.3.1-16.el8_6.2 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | affected | 0:1.3.1-16.el8_6.2 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | affected | 0:1.3.1-26.el8_8.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | affected | 0:1.3.1-26.el8_8.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | affected | 0:1.5.1-26.el9_6 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | affected | 0:1.5.1-25.el9_6 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | affected | 0:1.5.1-26.el9_6 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | affected | 0:1.5.1-25.el9_6 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | affected | 0:1.5.1-9.el9_0.2 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | affected | 0:1.5.1-15.el9_2.1 | * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | affected | 0:1.5.1-24.el9_4 | * | unaffected |
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 | affected | 1.11-19 | * | unaffected |
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 | affected | 1.11-8 | * | unaffected |
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 | affected | 1.12-4 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752066672 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752065732 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752065732 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-3.1752065737 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752065731 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-25 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752065736 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-2.1752065733 | * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | affected | 7.13.5-4.1752065755 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-11 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-11 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-11 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-10 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-10 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-4 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-9 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-12 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-18 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-11 | * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | affected | 1.36.0-7 | * | unaffected |

| Vendor | Product | Default status | Version | Less than | Status |
|---|---|---|---|---|---|
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 | affected | sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 | * | unaffected |
| Red Hat | Compliance Operator 1 | affected | sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 | * | unaffected |
| Red Hat | Red Hat Discovery 2 | affected | sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3 | * | unaffected |
| Red Hat | Red Hat Discovery 2 | affected | sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 | * | unaffected |
| Red Hat | Red Hat Insights proxy 1.5 | affected | sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:40535c017d2730645c57c44b32b4df1613585cc19c052fe472ccbf543a659c42 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:c18d414518b1eaed33a17a13f6c0273ab14405dd9569c169e6839026330e0895 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:46090c79b193de2028b4c994d3013fec7102f3b10673ecd09b017be4de7bf9f6 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:f370f7f76c96e27bd5cd93b993d850c8ce5123a2dc1a03955596db5eee88d411 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:3d281c9d7fe151c35605aac57a95fec699d20ecea6f4a5ea5b8cdc26a8808695 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:d1425fca630adab3f66b30eaf47010c2da892e2d635a721c493c1751f98f69b3 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:c34a7574e3c6af4c82bee38e581d047613f8931c12d89924764f46b565bf3117 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:1feaee0df48953c919df3ceb2dde3aa10345e69c0b1a7186a8a0fd6ab9b300f6 | * | unaffected |
| Red Hat | Red Hat OpenShift distributed tracing 3.6.0 | affected | sha256:d0783f1725e2452c74dd687ac3238634851b9e587cd5c1134e790a43cdd7cad5 | * | unaffected |
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 | affected | sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89 | * | unaffected |
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 | affected | sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 | * | unaffected |
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 | affected | sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108 | * | unaffected |
| Red Hat | Red Hat OpenShift sandboxed containers 1.1 | affected | sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac | * | unaffected |

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.071 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.