Configuration in pam-32bit - CVE-2025-6018
Published: June 19, 2025 / Updated: February 27, 2026
Vulnerability identifier: #VU111387
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2025-6018
CWE-ID: CWE-16
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: SUSE
Affected software:
pam-32bit
pam-32bit
Detailed vulnerability description
The issue may allow a local user to escalate privileges on the system.
The issue exists due an error in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. An unprivileged user who logs in via sshd can force the pam_env module to add arbitrary variables to PAM's environment, leading to arbitrary code execution as root.
How to mitigate CVE-2025-6018
Install updates from vendor's website.