mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
2.1 KiB
2.1 KiB
CVE-2025-6018
Description
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.
POC
Reference
- https://bugzilla.suse.com/show_bug.cgi?id=1243226
- https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Github
- https://github.com/B1ack4sh/Blackash-CVE-2025-6018
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Threekiii/CVE
- https://github.com/dreysanox/CVE-2025-6018_Poc
- https://github.com/iamgithubber/CVE-2025-6018-19-exploit
- https://github.com/ibrahmsql/CVE-2025-6018
- https://github.com/mistrust999/PAM-UDisks-PrivEsc-Metasploit
- https://github.com/mistrustt/PAM-UDisks-PrivEsc-Metasploit
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pawan-shivarkar/List-of-CVE-s-
- https://github.com/pawan-shivarkar/pawan-shivarkar
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/sultanovich/sultanovich-scripts-collection
- https://github.com/tanjiti/sec_profile
- https://github.com/yembors64632/cve_monitor_Public