Title:Pam-config: lpe from unprivileged to allow_active in pam (CVE-2025-6018) Description:A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.
Description
CVE-2025-6018 CVE-2025-6019 PoC Exploit - Local Privilege Escalation in openSUSE/SUSE Linux Enterprise 15 - PAM bypass + udisks2 XFS race condition LPE to root
File Snapshot
None
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →