Post

New Linux Flaws Enable Full Root

Posted
By 10alert
2 min read 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

---
title: "Critical Linux Vulnerabilities Grant Full Root Access Through PAM and Udisks"
categories: [Cybersecurity & Data Protection, Vulnerabilities]
description: "Discover the latest Linux vulnerabilities that allow full root access through PAM and Udisks. Learn about the impact and necessary mitigations."
author: "Vitus"
date: 2025-06-19
tags: [cybersecurity, linux, vulnerabilities]
---

## **TL;DR**
Cybersecurity researchers have identified two significant local privilege escalation (LPE) vulnerabilities in major Linux distributions, allowing attackers to gain root access. These flaws, discovered by Qualys, affect the Pluggable Authentication Modules (PAM) and Udisks components. Users are advised to apply security patches promptly to mitigate risks.

## **Critical Linux Vulnerabilities Uncovered**

Cybersecurity researchers have recently identified two significant local privilege escalation (LPE) vulnerabilities that could be exploited to gain root access on machines running major Linux distributions. These vulnerabilities, discovered by Qualys, pose a substantial risk to the security of Linux systems.

## **Vulnerability Details**

The identified vulnerabilities are listed below:

- **CVE-2025-6018**: This flaw allows unprivileged users to escalate their privileges to `allow_active` in SUSE 15's Pluggable Authentication Modules (PAM).
- **CVE-2025-6019**: This vulnerability enables users with `allow_active` permissions to further escalate their privileges to root.

These vulnerabilities highlight the importance of timely security updates and patches to protect Linux systems from potential exploits.

## **Impact and Mitigation**

The discovery of these vulnerabilities underscores the need for vigilant cybersecurity practices. Users and administrators are strongly advised to apply the necessary security patches provided by their respective Linux distributions to mitigate these risks. Regular system updates and monitoring are crucial in maintaining a secure environment.

For more detailed information, visit the full article: [The Hacker News](https://thehackernews.com/2025/06/new-linux-flaws-enable-full-root-access.html).

## **Conclusion**

The identification of these critical Linux vulnerabilities serves as a reminder of the ongoing need for robust cybersecurity measures. By staying informed and proactive, users can protect their systems from potential threats and ensure the integrity of their data.

## **Additional Resources**

For further insights, check:

- [Qualys Security Advisory](https://www.qualys.com)
- [SUSE Security Updates](https://www.suse.com/security/updates/)
This post is licensed under CC BY 4.0 by the author.