Security researchers have discovered two major vulnerabilities in Linux that allow attackers to escalate privileges and gain full root access. The flaws impact major distributions including Ubuntu, Debian, Fedora, and openSUSE.
Chained Exploits Enable Full System Takeover
The vulnerabilities, uncovered by Qualys Threat Research Unit (TRU), are:
- CVE-2025-6018: Local privilege escalation in SUSE’s PAM configuration.
- CVE-2025-6019: Elevation from “allow_active” to root via udisks daemon.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
“These are modern ‘local-to-root’ exploits,” said Saeed Abbasi, senior manager at Qualys TRU. “They collapse the gap between a normal user and full system control.”
Attackers can combine these flaws to escalate from a basic GUI or SSH session to full root access. The attack leverages udisks loop mounts and PAM quirks to bypass polkit trust zones.
Who Is Affected
- CVE-2025-6018 affects openSUSE Leap 15 and SUSE Linux Enterprise 15.
- CVE-2025-6019 impacts libblockdev via the udisks daemon, which is installed by default on most Linux systems.
Once exploited, an attacker can disable security tools, install rootkits, or establish persistent access.
Proof-of-Concept Developed
Qualys tested successful exploitation on:
- Ubuntu
- Debian
- Fedora
- openSUSE Leap 15
They’ve created PoC exploits but have not released them publicly to prevent misuse.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
Mitigation Steps
Patch Immediately: Linux vendors are releasing updates. Users should apply security patches as soon as possible, modify polkit rules for org.freedesktop.udisks2.modify-device, require auth_admin to block unauthorized actions
Another PAM Flaw Also Patched
In related news, maintainers fixed a separate high-severity flaw in Linux PAM:
- CVE-2025-6020 (CVSS: 7.8): A path traversal vulnerability in pam_namespace.
- Allows local privilege escalation via symlink attacks and race conditions.
- Patched in linux-pam v1.7.1.
- This issue affects systems using pam_namespace with user-controlled directory paths.
Final Recommendations
Update Linux PAM to v1.7.1 or later, disable or restrict pam_namespace if you’re unsure of path configurations, ensure namespace.init scripts are secure.
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing