CVE-2025-6018 HIGH

CVE-2025-6018: Pam-config: lpe from unprivileged to allow_active in pam

Vendor Red Hat
Product Red Hat Enterprise Linux 7
Weakness CWE-863 · Incorrect authorization
Published July 23, 2025
Last update November 6, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Key dates

02Disclosure timeline

July 23, 2025 CVE published
November 6, 2025 Record updated