CVE-2025-6020

EPSS 0.03%
Veröffentlicht 17.06.2025 12:44:08
Zuletzt bearbeitet 23.09.2025 20:15:33
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 26

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/linux-pam/linux-pam

≫

Paket linux-pam

Default Statusunaffected

Version < 1.7.1

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:1.1.8-23.el7_9.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.3.1-37.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.3.1-38.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-8.el8_2.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-14.el8_4.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.3.1-16.el8_6.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.3.1-26.el8_8.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.3.1-26.el8_8.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-26.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-25.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-26.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.5.1-25.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.5.1-9.el9_0.2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.5.1-15.el9_2.1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.5.1-24.el9_4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-19

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Web Terminal 1.12 on RHEL 9

Default Statusaffected

Version < *

Version 1.12-4

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752066672

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065732

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065732

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-3.1752065737

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065731

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-25

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065736

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-2.1752065733

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.13.5-4.1752065755

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:1c67d8d526ab4f2854947f7dccd8752a2efd414c0f1cbab17706fa91147e7cda

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:40535c017d2730645c57c44b32b4df1613585cc19c052fe472ccbf543a659c42

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:5bb83d0b9387f51291c3977d37aab8a19e978a7dccf3d72cae0dabb66bd26df4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:46090c79b193de2028b4c994d3013fec7102f3b10673ecd09b017be4de7bf9f6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:f370f7f76c96e27bd5cd93b993d850c8ce5123a2dc1a03955596db5eee88d411

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:3d281c9d7fe151c35605aac57a95fec699d20ecea6f4a5ea5b8cdc26a8808695

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:faad36621dda484f7883da35873b9f288f6c7a1332815bc857531de032c38068

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:fb1e2c0ad417d391d2fe055e68e9aadd5b24b2c99f3fe5895750579e537fdc7d

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:3a3719e3683051967d548de708e178640f848933c99efc3955ca915a46bcb675

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift distributed tracing 3.6.1

Default Statusaffected

Version < *

Version sha256:54c5403a8a9e0300233e75a04318013e9dbe3d894be691927d27dc2fe53fddc0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat OpenShift sandboxed containers 1.1

Default Statusaffected

Version < *

Version sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://access.redhat.com/security/cve/CVE-2025-6020

https://bugzilla.redhat.com/show_bug.cgi?id=2372512

http://www.openwall.com/lists/oss-security/2025/06/17/1

https://access.redhat.com/errata/RHSA-2025:9526

https://access.redhat.com/errata/RHSA-2025:10024

https://access.redhat.com/errata/RHSA-2025:10027

https://access.redhat.com/errata/RHSA-2025:10180

https://access.redhat.com/errata/RHSA-2025:10354

https://access.redhat.com/errata/RHSA-2025:10357

https://access.redhat.com/errata/RHSA-2025:10358

https://access.redhat.com/errata/RHSA-2025:10359

https://access.redhat.com/errata/RHSA-2025:10361