How CVE-2025-6018 and CVE-2025-6019 Enable Full Root Access on Linux

How CVE-2025-6018 and CVE-2025-6019 Enable Full Root Access on Linux

How CVE-2025-6018 and CVE-2025-6019 Enable Full Root Access on Linux Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you. Two newly uncovered Local Privilege Escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-601…

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Linux systems face critical local privilege escalation threats via CVE-2025-6018/6019 flaws—users must patch now.

Chaining two LPEs to get "root": Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) - Help Net Security

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable Authentication Modules (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, and allows an unprivileged local attacker – f…

Qualys Uncovers Local Privilege Escalation Flaws - Cybernoz - Cybersecurity News

The Qualys Threat Research Unit has discovered two linked local privilege escalation flaws. The first (CVE-2025-6018) resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker, for example, via SSH, can elevate to the “allow_active” user and invoke polkit actions normally reserved for a physically present user. The second (CVE-2025-6019) affects libblockdev, is exp…