AI description
CVE-2025-6019 is a local privilege escalation (LPE) vulnerability in the libblockdev library. It is reachable through the udisks2 daemon, which manages storage devices, by an attacker who holds the privileges of an active user (allow_active). Normally, udisks mounts user-provided filesystem images with security flags such as `nosuid` and `nodev` to prevent privilege escalation. A local attacker can create a specially crafted XFS image containing a SUID-root shell and trick udisks into resizing it. The resize mounts the malicious filesystem with root privileges and without enforcing `nosuid` or `nodev`, allowing the attacker to execute the SUID-root shell and gain complete control of the system.
- Description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7
- Impact score: 5.9
- Exploitability score: 1
- Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- secalert@redhat.com: CWE-250
- Hype score: Not currently trending
[1day1line] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks https://t.co/EzJMs1ucgg Today’s 1day1line covers a local privilege escalation (LPE) vulnerability discovered in the udisksd disk management daemon and its backend library libblockdev on Linux
@hackyboiz
9 Jul 2025
3625 Impressions
16 Retweets
39 Likes
8 Bookmarks
0 Replies
0 Quotes
A new vulnerability with the identifier CVE-2025-6019, of the local privilege es type, was recently published for SUSE, Fedora and other Linux distributions. The cause of this vulnerability is the service ud
@AmirHossein_sec
8 Jul 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Linux Vulnerability #CVE-2025-6019 Lets Users Gain Root Access via udisksd Flaw https://t.co/QF6NbchNwm
@UndercodeNews
7 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6018 and CVE-2025-6019 are local privilege escalation vulnerabilities present in the pluggable authentication modules (PAM) of SUSE. https://t.co/cGvTD9Z5cM #alertasdeciberseguridad #ataquesciberneticos #Ciberseguridad #Linux #proteccióntotal #CobraNetwo
@Cobra_Networks
25 Jun 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Important news for Linux users: a vulnerability, CVE-2025-6019, has been found in the libblockdev library that allows attackers to gain root privileges on most
@Kaspersky_ru
24 Jun 2025
183 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 A newly found Linux vulnerability (CVE-2025-6019) in udisks allows attackers to escalate to root access on major distros. When chained with a PAM config flaw, it becomes a full local-to-root exploit. Affects Ubuntu, Debian, Fedora, SUSE. Admins must patch now. https://t.co/T
@Ctrl_Alt_Zaid
23 Jun 2025
3382 Impressions
4 Retweets
14 Likes
8 Bookmarks
1 Reply
0 Quotes
Critical #Linux vuln: #Fedora 42’s udisks2 lets users escalate to root (CVE-2025-6019). Patch with: sudo dnf upgrade --advisory FEDORA-2025-6ef0c40f95 Details: 👉 https://t.co/4XSk6qTDgO #InfoSec #SysAdmin https://t.co/xBXueafQCO
@Cezar_H_Linux
23 Jun 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gah looks like I'm upgrading servers tomorrow, thanks CVE-2025-6019
@DanielW_Kiwi
23 Jun 2025
1183 Impressions
0 Retweets
32 Likes
1 Bookmark
8 Replies
1 Quote
Critical vulnerabilities reported (CVE-2025-6018 and CVE-2025-6019) in the PAM and UDisks modules, affecting Linux distributions such as SUSE, Ubuntu, Debian and Fedora. These flaws allow local privilege escalation through the combined exploitation of pam_env and polki
@henryraul
20 Jun 2025
80 Impressions
5 Retweets
5 Likes
1 Bookmark
1 Reply
0 Quotes
Linux flaws chain allows Root access across major distributions Qualys researchers discovered two chained local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can grant root access on major Linux distributions. CVE-2025-6018 allows unprivileg
@dCypherIO
20 Jun 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers found two local privilege escalation flaws (CVE-2025-6018 & CVE-2025-6019) in major Linux distributions that could allow unprivileged attackers to gain root access, urging users to apply patches or adjust Polkit rules. #LinuxSecurity #Vulnera… https://t.co/DXL0q
@Cyber_O51NT
20 Jun 2025
227 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#KDaily@kaspersky CVE-2025-6019: time to update Linux Researchers have found a vulnerability that allows gaining root privileges on most Linux distributions. https://t.co/2Ijc8aJi7b
@kmscom6
20 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#KDaily@kaspersky CVE-2025-6019: time to update Linux Researchers have found a vulnerability that allows gaining root privileges on most Linux distributions. https://t.co/mJfbTFZl8L
@kmscom3
20 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Linux Flaws (CVE-2025-6018 & CVE-2025-6019) Allow Unprivileged Users to Gain Root Access https://t.co/vb2D8wdzVQ
@the_yellow_fall
20 Jun 2025
1408 Impressions
15 Retweets
31 Likes
6 Bookmarks
1 Reply
0 Quotes
Researchers at @qualys have uncovered two privilege escalation flaws: CVE-2025-6018 and CVE-2025-6019, that can be chained to let attackers gain full root access. 🔗 Read more: https://t.co/AXCjO8H3Yi ✍ Josh Breaker-Rolfe #Linux #Vulnerability #ISBNews
@Info_Sec_Buzz
20 Jun 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6019: time to update Linux Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions. Details 👉 https://t.co/dI5uP1cdLv https://t.co/ysGzyya9un
@e_kaspersky
20 Jun 2025
1941 Impressions
9 Retweets
23 Likes
4 Bookmarks
1 Reply
2 Quotes
CVE-2025-6019: time to update Linux Researchers have found a vulnerability that allows gaining root privileges on most Linux distributions. Details 👉 https://t.co/waXHxQ9ZY4 https://t.co
@e_kaspersky_ru
20 Jun 2025
220 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New CVEs = Full Root Access on @Linux ? CVE-2025-6018 + CVE-2025-6019 allow remote users to spoof physical access, then go full root via udisks. Add CVE-2023-0386 & you’ve got a serious escalation chain. Patch now! 🔗 https://t.co/SMrpkBeJvN #CyberSecurity #Linux #C
@socradar
20 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Alert: New Linux flaws (CVE-2025-6018, CVE-2025-6019) allow attackers to gain full root access on major distributions, reported today, June 19, 2025. Threat: A simple user login can escalate to full system control via PAM and udisks, risking data breaches or downtime in
@tony3266
19 Jun 2025
78 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6019 A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take cer… https://t.co/Za7tPKrJe5
@CVEnew
19 Jun 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AlmaLinux 8, 9, 10, and Kitten 10 are all impacted by libblockdev CVE-2025-6019, so we have decided to update this ahead of our upstream. Learn more and help us test the patched versions of libblockdev 👇 https://t.co/kYBE6UkOWL
@AlmaLinux
19 Jun 2025
2158 Impressions
16 Retweets
63 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-6018 and CVE-2025-6019: New Linux privilege escalation flaws in PAM and udisks allow local attackers to chain exploits and gain full root. Confirmed on SUSE, Ubuntu, Debian, and Fedora. Patch now and update Polkit rules. #Linux #CVE2025 #PrivilegeEscalation https://t.
@CloneSystemsInc
19 Jun 2025
87 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🐧 Two new Linux flaws (CVE-2025-6018 & CVE-2025-6019) allow attackers to escalate from user to root in seconds—impacting major distros via PAM & udisks. Patch now. #Vulnerability 🚨 #PrivilegeEscalation 🧨 https://t.co/9OkAqPhNjC
@manuelbissey
19 Jun 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERT: Critical flaws in openSUSE Leap 15, Ubuntu, Debian & Fedora! CVE-2025-6018 & CVE-2025-6019 grant FULL ROOT ACCESS. Patch NOW or risk total compromise! 🔐 #Linux #Cybersecurity https://t.co/JFVopwIz3I
@_F2po_
19 Jun 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical Linux flaws (CVE-2025-6018 & CVE-2025-6019) could let attackers gain full root access via PAM and udisks. These vulnerabilities affect major distros—patch now to prevent system-wide compromises. 🔐 #LinuxSecurity #CyberThreat #UK https://t.co/cinHZ9j03b
@TweetThreatNews
19 Jun 2025
137 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks https://t.co/JBQttZCpsS
@hardenedlinux
19 Jun 2025
195 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
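[Privilege escalation vulnerabilities in Linux: CVE-2025-6018, CVE-2025-6019] Chaining the two vulnerabilities reportedly yields full root privileges. Also, separately from this, on the 17th the US CISA, the old Linux kernel vulnerability CVE-2023-0386 (improper ownership management) to the KEV cata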
@MachinaRecord
19 Jun 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
19/06/2025 New critical vulnerabilities allow full root access on major Linux distros! 🚨 CVE-2025-6018 & CVE-2025-6019 pose severe LPE risks. Immediate patching recommended to protect systems. Source: https://t.co/z0y0LBtEju
@kernyx64
19 Jun 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Root access risk! New Linux flaws (CVE-2025-6018, CVE-2025-6019) let attackers gain full control. Patch ASAP & tweak Polkit/PAM settings to mitigate. #LinuxSecurity #Cybersecurity #VulnerabilityManagement https://t.co/cDr2n7YAe4
@fernandokarl
19 Jun 2025
80 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Linux vulnerabilities CVE-2025-6018 & CVE-2025-6019 allow privilege escalation to root level. Stay informed: https://t.co/pT4qjDPZnF #CyberSecurity #LinuxSecurity
@threatlight
19 Jun 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two local privilege escalation vulnerabilities, CVE-2025-6018 on openSUSE and CVE-2025-6019 in libblockdev, allow attackers to gain root access. Immediate patching is essential to prevent network compromise. #Security https://t.co/5OKW8oYWvT
@Strivehawk
18 Jun 2025
79 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Chaining two LPEs to gain "root" privileges: vulnerabilities in most Linux distributions (CVE-2025-6018, CVE-2025-6019) Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) #HelpNetSecurity
@foxbook
18 Jun 2025
322 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New Linux udisks flaw lets attackers get root on major Linux distros Two critical local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 (in PAM on SUSE systems) and CVE-2025-6019 (in libblockdev via the udisks daemon)—can be chained to gain root access on major Lin
@dCypherIO
18 Jun 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) https://t.co/hV5v38CzNH #HelpNetSecurity #Cybersecurity https://t.co/yHV69W18Jd
@PoseidonTPA
18 Jun 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chaining two LPEs to get “#root”: Most #Linux distros vulnerable (#CVE-2025-6018, CVE-2025-6019) https://t.co/qzo11uGo99
@ScyScan
18 Jun 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Qualys found 2 Linux vulns (CVE-2025-6018, CVE-2025-6019) that, when combined, grant root access easily. CVE-2025-6018 misconfigures PAM, letting attackers bypass security. CVE-2025-6019 is in libblockdev. Patch immediately! https://t.co/7aK3qHwFMC
@Jfreeg_
18 Jun 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Linux vulnerability alert: A flaw in udisks (CVE-2025-6019) lets local attackers gain root access on major distros. Patch ASAP and monitor for suspicious activity. Details: https://t.co/BuhsEiQ50O
@RedTeamNewsBlog
18 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access Read more: https://t.co/jn550VqurA Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. The
@The_Cyber_News
18 Jun 2025
597 Impressions
2 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
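On a privilege escalation vulnerability chain affecting many Linux distributions: CVE-2025-6018 and CVE-2025-6019. https://t.co/tvY1bpZJvR The former stems from the PAM configuration, and to users coming in via SSH, the "allow_active" of console access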
@__kokumoto
18 Jun 2025
1840 Impressions
4 Retweets
17 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-6018 CVE-2025-6019 https://t.co/yFocL7Z2Gr
@VulmonFeeds
17 Jun 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks https://t.co/aXRY2y5bRq
@andersonc0d3
17 Jun 2025
862 Impressions
3 Retweets
17 Likes
4 Bookmarks
0 Replies
0 Quotes