CVE-2025-6020

Published Jun 17, 2025

Last updated 16 days ago

CVSS high 7.8
Mysql

Overview

Description
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Source
secalert@redhat.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 Critical #Debian 11 update: PAM vulnerabilities (CVE-2024-22365, CVE-2025-6020) allow DoS and root privilege escalation via symlink attacks. Read more: 👉 https://t.co/CHOpQitsi0 #Security https://t.co/c5PdM3k8wh

    @Cezar_H_Linux

    21 Sept 2025

    102 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. URGENT: Patch #Oracle Linux 9 now! Critical privilege escalation vuln (CVE-2025-6020) in PAM allows local attackers to gain root. Update to pam-1.5.1-26.0.1.el9_6 immediately. Read more: 👉 https://t.co/MD4Y11MHID https://t.co/S8oWSYbTya

    @Cezar_H_Linux

    4 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 昨日、使ってるDockerイメージにスコアHIGHの脆弱性があったから新しいイメージに変えたら、今見たらCVE-2025-6020(High)とかいう新しい脆弱性見つかって新しいイメージの方も脆弱判定されてて草 しかもpamの権限

    @PoyotanP

    18 Jun 2025

    87 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. In this weeks episode of container security is horrible pam_namespace gets a LPE to root via symlinks && race conditions CVE-2025-6020 Privileged Access Management is a lie - just don't let users on your system - in fact don't have users to begin with! Enforce it w/ unik

    @nanovms

    17 Jun 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).CVE-2026-35235
  2. SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go.CVE-2026-33643
  3. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.CVE-2025-68121
  4. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.CVE-2025-61732
  5. Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.CVE-2025-61731

References

Sources include official advisories and independent security research.