cvedb.io
CVE-2025-6018
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-07-23T15:15:34.810 · Last modified 2026-06-30T11:16:26.377

Summary

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Affected products

suse — pam-config

Does this affect you?

Add your gear to cvedb and we'll alert you only when suse ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.