CVE-2025-6020
Linux-pam: linux-pam directory traversal
| CVSS Score | 7.8 |
| EPSS Score | 0.1% |
| EPSS Percentile | 22nd |
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
| CWE | CWE-22 |
| Published | Jun 17, 2025 |
| Last Updated | Apr 14, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
| Red Hat / Red Hat Enterprise Linux 10 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support | All versions affected |
| Red Hat / Red Hat Web Terminal 1.11 on RHEL 9 | All versions affected |
| Red Hat / Red Hat Web Terminal 1.12 on RHEL 9 | All versions affected |
| Red Hat / RHEL-8 based Middleware Containers | All versions affected |
| Red Hat / RHOSS-1.36-RHEL-8 | All versions affected |
| Red Hat / cert-manager operator for Red Hat OpenShift 1.16 | All versions affected |
| Red Hat / Compliance Operator 1 | All versions affected |
| Red Hat / Red Hat Discovery 2 | All versions affected |
| Red Hat / Red Hat Insights proxy 1.5 | All versions affected |
| Red Hat / Red Hat OpenShift distributed tracing 3.6.0 | All versions affected |
| Red Hat / Red Hat OpenShift sandboxed containers 1.1 | All versions affected |
References
https://access.redhat.com/errata/RHSA-2025:10024
https://access.redhat.com/errata/RHSA-2025:10027
https://access.redhat.com/errata/RHSA-2025:10180
https://access.redhat.com/errata/RHSA-2025:10354
https://access.redhat.com/errata/RHSA-2025:10357
https://access.redhat.com/errata/RHSA-2025:10358
https://access.redhat.com/errata/RHSA-2025:10359
https://access.redhat.com/errata/RHSA-2025:10361
https://access.redhat.com/errata/RHSA-2025:10362
https://access.redhat.com/errata/RHSA-2025:10735
https://access.redhat.com/errata/RHSA-2025:10823
https://access.redhat.com/errata/RHSA-2025:11386
https://access.redhat.com/errata/RHSA-2025:11487
https://access.redhat.com/errata/RHSA-2025:14557
https://access.redhat.com/errata/RHSA-2025:15099
https://access.redhat.com/errata/RHSA-2025:15709
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:16524
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:20181
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:22019
https://access.redhat.com/errata/RHSA-2025:9526
https://access.redhat.com/errata/RHSA-2026:0934
https://access.redhat.com/security/cve/CVE-2025-6020
https://bugzilla.redhat.com/show_bug.cgi?id=2372512
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
http://www.openwall.com/lists/oss-security/2025/06/17/1
https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html
Credits
Red Hat would like to thank Olivier BAL-PETRE (ANSSI - French Cybersecurity Agency) for reporting this issue.