If you experience any difficulty in accessing content on our website, please contact us at 1-866-333-8917 or email us at support@chicagovps.net and we will make every effort to assist you.

By
June 20, 2025

Critical Security Flaws in Linux: Full Root Access Vulnerabilities via PAM and Udisks Exposed in Major Distributions

 

Cybersecurity researchers have identified two significant local privilege escalation (LPE) vulnerabilities in major Linux distributions that could allow unauthorized users to gain root access. These vulnerabilities, discovered by Qualys, are detailed as follows:

  • CVE-2025-6018: A flaw in the Pluggable Authentication Modules (PAM) of openSUSE Leap 15 and SUSE Linux Enterprise 15, permitting unprivileged users to elevate their privileges to the "allow_active" level.
  • CVE-2025-6019: A vulnerability in libblockdev which, when combined with CVE-2025-6018, enables an "allow_active" user to achieve full root access through the udisks daemon present on most Linux distributions.

These exploits showcase how legitimate services can be manipulated to compromise system security. Saeed Abbasi, a senior manager at Qualys, pointed out that attackers could easily transition from a standard logged-in session to root access due to these flaws. The company confirmed a broader impact, stating systems across Ubuntu, Debian, and Fedora are also at risk.

To mitigate these security threats, it’s crucial for users to apply patches issued by their respective Linux distribution vendors. As a temporary measure, modifying the Polkit rule for "org.freedesktop.udisks2.modify-device" to require administrator authentication is advised.

Additionally, a recently disclosed high-severity flaw in the Linux PAM, identified as CVE-2025-6020, could also allow local privilege escalation. This vulnerability has been addressed with a patch in version 1.7.1 of PAM. Users operating systems that utilize the pam_namespace for setting up controlled directories must ensure proper path protections to avoid exploitation.

For users to maintain security, it’s not only vital to stay updated with patches but also to assess and modify existing security practices to prevent unauthorized access.

ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.

For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.

Popular Stories

Critical Security Flaws in Linux: Full Root Access. June 20, 2025
Introducing CyberT: The BlackBerry-Inspired Handhe. June 19, 2025
Urgent Security Alert: Major Linux Distros Vulnera. June 19, 2025
Seamlessly Transition from Windows: Discover the U. June 18, 2025
Kali Linux Revamped: UI Refresh, New Tools, and En. June 17, 2025
9to5Linux Weekly Roundup: Highlights and News from. June 16, 2025

Subscribe Email

Popular Tags

Akaunting Amplification Attacks Apps Asana Cache Chicago VPS Cloud Core Cpanel Cyber Attacks Data Backup Data Recovery Dedicated Servers Digital Marketing Dropbox FreshBooks GIT Servers Github Gitlab GUI Healthcare Honeypot Hosting Install Outline KVM Maltermost Mattermost Memcached Monit MySQL Natural Disaster New Website Openproject OpenVZ Press Release Seafile Slack Stack Tutorials VPS Website Monitor Window VPS Wordpress Zammad Zendesk
Top