I. Basic Information for CVE-2025-6018
Vulnerability Information


Vulnerability Title
Pam-config: lpe from unprivileged to allow_active in pam
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Incorrect Authorization
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Linux-pam security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
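Linux-pam is pluggable system authentication software for Linux, developed by the Linux team. Linux-pam contains a security vulnerability that stems from improper privilege management and may lead to local privilege escalation.
Source: China National Vulnerability Database of Information Security (CNNVD)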
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |

II. Public PoCs for CVE-2025-6018

| # | PoC Description | Source Link |
|---|---|---|
| 1 | None | https://github.com/iamgithubber/CVE-2025-6018-19-exploit |
| 2 | Exploit for CVE-2025-6019 | https://github.com/dreysanox/CVE-2025-6018_Poc |
| 3 | CVE-2025-6018 Poc and Exploit | https://github.com/ibrahmsql/CVE-2025-6018 |
| 4 | CVE-2025-6018 | https://github.com/B1ack4sh/Blackash-CVE-2025-6018 |
| 5 | CVE-2025-6018 | https://github.com/Ashwesker/Blackash-CVE-2025-6018 |
| 6 | None | https://github.com/euxem/Analyse-faille-de-s-curit-CVE-2025-6018-CVE-2025-6019 |
| 7 | CVE-2025-6018 | https://github.com/Ashwesker/Ashwesker-CVE-2025-6018 |
| 8 | This is just a quick note on how to exploit these vulnerabilities to get root. | https://github.com/AzureADTrent/CVE-2025-6018-and-CVE-2025-6019-Privilege-Escalation |
| 9 | CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Exploit | https://github.com/muyuanlove/CVE-2025-6018-CVE-2025-6019-Privilege-Escalation-Exploit |
| 10 | Exploit Chain of CVE-2025-6018 to CVE-2025-6019 | https://github.com/0rionCollector/Exploit-Chain-CVE-2025-6018-6019 |
| 11 | A Proof of Concept for chaining CVE-2025-6018 (PAM/Polkit Active Session Bypass) and CVE-2025-6019 (libblockdev SUID Mount Flaw) to achieve Local Privilege Escalation (LPE) on vulnerable Linux systems. | https://github.com/MichaelVenturella/CVE-2025-6018-6019-PoC |
| 12 | Auto exploit for CVE-2025-6018 & CVE-2025-6019 based on https://github.com/0rionCollector/Exploit-Chain-CVE-2025-6018-6019 | https://github.com/Goultarde/CVE-2025-6018_CVE-2025-6019_autopwn |
| 13 | CVE-2025-6018 (pam LPE unpriv->allow_active), CVE-2025-6019 (udisks LPE allow_active->root) in sh | https://github.com/matesz44/CVE-2025-6018-19 |
| 14 | CVE-2025-6018 CVE-2025-6019 PoC Exploit - Local Privilege Escalation in openSUSE/SUSE Linux Enterprise 15 - PAM bypass + udisks2 XFS race condition LPE to root | https://github.com/DesertDemons/CVE-2025-6018-6019 |
| 15 | Vulnerability chaining leads to privilege escalation | https://github.com/localh0ste/CVE-2025-6018-and-CVE-2025-6019 |
| 16 | Privilege escalation exploit chain (CVE-2025-6018 + CVE-2025-6019) for openSUSE Leap 15.6 | https://github.com/MaxKappa/opensuse-leap-privesc-exploit |
| 17 | None | https://github.com/iOxsec/CVE-2025-6018-CVE-2025-6019-Privilege-Escalation-Exploit |

III. Intelligence Information for CVE-2025-6018
IV. Related Vulnerabilities
V. Comments for CVE-2025-6018
Anonymous user
2026-01-15 06:08:48

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

