Red Hat Security Advisory: pam security update
A directory traversal vulnerability (CVE-2025-6020) was identified in the Linux Pluggable Authentication Modules (PAM) component used by Red Hat Enterprise Linux 10. 0 and related variants. This vulnerability could allow unauthorized access to filesystem locations due to improper handling of directory paths. Red Hat has released an important security update addressing this issue. The advisory indicates that the update is available and provides instructions for applying the fix. No known exploits in the wild have been reported. The vulnerability is rated as high severity by the source, and the vendor classifies the update impact as Important.
AI Analysis
Technical Summary
The vulnerability CVE-2025-6020 affects the linux-pam package in Red Hat Enterprise Linux 10.0 Extended Update Support and related architectures. It is a directory traversal flaw (CWE-22) that could allow an attacker to access files or directories outside the intended scope by manipulating file paths. Red Hat has issued an update (pam-1.6.1-8.el10_0) to fix this issue. The vendor advisory RHSA-2025:22019 provides detailed information and instructions for remediation. No CVSS score is provided, but the severity is indicated as high/Important.
Potential Impact
If exploited, this directory traversal vulnerability could allow unauthorized users to access or manipulate files outside of the intended directories, potentially leading to unauthorized information disclosure or system compromise. However, no known exploits have been reported in the wild at this time. The impact is significant enough for Red Hat to rate the update as Important.
Mitigation Recommendations
Red Hat has released an official security update that addresses this vulnerability. Users of affected Red Hat Enterprise Linux 10.0 Extended Update Support versions should apply the pam package update (pam-1.6.1-8.el10_0) as soon as possible following the instructions in the Red Hat advisory (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: pam security update
Description
A directory traversal vulnerability (CVE-2025-6020) was identified in the Linux Pluggable Authentication Modules (PAM) component used by Red Hat Enterprise Linux 10. 0 and related variants. This vulnerability could allow unauthorized access to filesystem locations due to improper handling of directory paths. Red Hat has released an important security update addressing this issue. The advisory indicates that the update is available and provides instructions for applying the fix. No known exploits in the wild have been reported. The vulnerability is rated as high severity by the source, and the vendor classifies the update impact as Important.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-6020 affects the linux-pam package in Red Hat Enterprise Linux 10.0 Extended Update Support and related architectures. It is a directory traversal flaw (CWE-22) that could allow an attacker to access files or directories outside the intended scope by manipulating file paths. Red Hat has issued an update (pam-1.6.1-8.el10_0) to fix this issue. The vendor advisory RHSA-2025:22019 provides detailed information and instructions for remediation. No CVSS score is provided, but the severity is indicated as high/Important.
Potential Impact
If exploited, this directory traversal vulnerability could allow unauthorized users to access or manipulate files outside of the intended directories, potentially leading to unauthorized information disclosure or system compromise. However, no known exploits have been reported in the wild at this time. The impact is significant enough for Red Hat to rate the update as Important.
Mitigation Recommendations
Red Hat has released an official security update that addresses this vulnerability. Users of affected Red Hat Enterprise Linux 10.0 Extended Update Support versions should apply the pam package update (pam-1.6.1-8.el10_0) as soon as possible following the instructions in the Red Hat advisory (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:22019
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e87e29bf47b50080a2a
Added to database: 6/2/2026, 9:43:35 PM
Last enriched: 6/2/2026, 10:08:08 PM
Last updated: 6/3/2026, 5:08:10 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.