Linux Vulnerabilities Discovered
Cybersecurity researchers have identified two local privilege escalation (LPE) vulnerabilities that can be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are outlined below:
- CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
- CVE-2025-6019 – LPE from allow_active to root in libblockdev via the udisks daemon
“These modern ‘local-to-root’ exploits have significantly reduced the gap between an ordinary logged-in user and a full system takeover,” Saeed Abbasi, Senior Manager at Qualys Threat Research Unit (TRU), stated.
“By utilizing legitimate services such as udisks loop-mounts and PAM/environment quirks, attackers who own any active GUI or SSH session can quickly gain root access in a matter of seconds.”
The cybersecurity company reported that CVE-2025-6018 is present in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing an unprivileged local attacker to elevate to the “allow_active” user and execute Polkit actions reserved for a physically present user.
CVE-2025-6019, on the other hand, affects libblockdev and is exploitable via the udisks daemon included by default on most Linux distributions. This vulnerability allows an “allow_active” user to gain full root privileges; chained with CVE-2025-6018, which supplies the “allow_active” step, it takes an unprivileged local user all the way to root.
“Although it nominally requires ‘allow_active’ privileges, udisks ships by default on almost all Linux distributions, making nearly any system vulnerable,” Abbasi added. “Techniques to gain ‘allow_active’ privileges, including the PAM issue disclosed here, further negate that barrier.”
Once root privileges are obtained, an attacker has unrestricted access to the system, enabling them to use it as a springboard for broader post-compromise actions, such as altering security controls and implanting backdoors for covert access.
Qualys has developed proof-of-concept (PoC) exploits to confirm the presence of these vulnerabilities on various operating systems, including Ubuntu, Debian, Fedora, and openSUSE Leap 15.
To mitigate the risk posed by these flaws, it’s essential to apply patches provided by the Linux distribution vendors. As temporary workarounds, users can modify the Polkit rule for “org.freedesktop.udisks2.modify-device” to require administrator authentication (“auth_admin”).
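The workaround described above, written out as a polkit JavaScript rule. This is an added example, not code from the article or from Qualys; the rules-file path is an assumption, and the small `polkit` object at the top is a stand-in for polkit's real rule engine so the rule can be exercised offline with Node (in a real deployment only the `polkit.addRule(...)` call goes into the rules file, since polkit provides `polkit.addRule` and `polkit.Result` itself):

```javascript
// Added example (not from the article or Qualys): the udisks2 Polkit workaround
// from the text, expressed as a polkit rule, plus a minimal stand-in for
// polkit's rule engine so the rule can be run offline with Node.
// Assumed rules-file path: /etc/polkit-1/rules.d/10-udisks2-modify-device.rules
// (only the polkit.addRule(...) call below belongs in that file).

// --- stand-in for the polkit rule engine (assumption, for offline testing) ---
const rules = [];
const polkit = {
  Result: {
    YES: "yes",
    NO: "no",
    AUTH_ADMIN: "auth_admin",
    AUTH_ADMIN_KEEP: "auth_admin_keep",
    NOT_HANDLED: null, // real polkit also represents "not handled" as null
  },
  addRule(fn) {
    rules.push(fn);
  },
  // polkit evaluates rules in order and uses the first non-null result;
  // if every rule returns null/undefined, the action's own implicit
  // authorization (e.g. allow_active) applies.
  evaluate(action, subject) {
    for (const fn of rules) {
      const r = fn(action, subject);
      if (r !== undefined && r !== null) return r;
    }
    return null;
  },
};

// --- the workaround rule: this is the part that goes in the rules file ---
polkit.addRule(function (action, subject) {
  // Require an administrator's credentials for every modify-device request,
  // whether or not the caller holds an "active" (allow_active) session.
  if (action.id == "org.freedesktop.udisks2.modify-device") {
    return polkit.Result.AUTH_ADMIN;
  }
});

// Helper: decide an action for a subject using the rules loaded above.
function decide(actionId, subject) {
  return polkit.evaluate({ id: actionId }, subject);
}

// Constructed subjects: a user with an active local session (the allow_active
// case the article describes) and one whose session is not active.
const activeUser = { user: "alice", local: true, active: true };
const inactiveUser = { user: "bob", local: true, active: false };

console.log(decide("org.freedesktop.udisks2.modify-device", activeUser));    // auth_admin
console.log(decide("org.freedesktop.udisks2.modify-device", inactiveUser));  // auth_admin
console.log(decide("org.freedesktop.udisks2.filesystem-mount", activeUser)); // null: not handled
```

After dropping the rule in place, `pkaction --verbose --action-id org.freedesktop.udisks2.modify-device` still shows the action's built-in implicit authorizations; the rule overrides them at evaluation time, so the practical check is that a non-admin user is now prompted for an administrator's password when udisks asks for that action. Distributions still on polkit 0.105 (no JavaScript rules) express the same restriction with a `.pkla` file under `/etc/polkit-1/localauthority/` using `ResultActive=auth_admin` instead.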
## Flaw Disclosed in Linux PAM
The disclosure comes as maintainers of Linux PAM resolved a high-severity path traversal flaw (CVE-2025-6020, CVSS score: 7.8) that could also allow a local user to escalate to root privileges. The issue has been fixed in version 1.7.1.
“The module pam_namespace in linux-pam.
Linux systems are vulnerable if they use pam_namespace to set up polyinstantiated directories for which the path to either the polyinstantiated directory or the instance directory is under user control. As workarounds for CVE-