Cybersecurity Threat Advisory: Vulnerabilities in Linux distributions

Two critical local privilege escalation (LPE) vulnerabilities have been disclosed, identified as CVE-2025-6018 and CVE-2025-6019. They affect all versions of SUSE 15 and the libblockdev library (which ships with major Linux distributions), allowing unprivileged users to escalate their privileges to root and posing significant risks to system integrity and security. Review the details of this Cybersecurity Threat Advisory to safeguard against these vulnerabilities.

What is the threat?

CVE-2025-6018 and CVE-2025-6019 are local privilege escalation vulnerabilities found in SUSE’s Pluggable Authentication Modules (PAM) and the libblockdev library, respectively. CVE-2025-6018 allows an unprivileged user to escalate privileges to the “allow_active” state in SUSE 15. CVE-2025-6019 enables an attacker to escalate from the “allow_active” state to root privileges via the udisks daemon in the libblockdev library.

These vulnerabilities are concerning because they can be exploited together. By exploiting CVE-2025-6018, attackers can gain an initial foothold and then leverage CVE-2025-6019 to escalate to root access, resulting in a complete system compromise. The combined effect significantly raises the risk of exploitation across various Linux distributions.
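The chain above hinges on what an "allow_active" session is permitted to do without authentication. As an added audit example (not code from the advisory or from the udisks project), the script below parses a polkit action policy file and lists every action whose `allow_active` default is `yes`; the udisks2 policy path and the embedded sample policy XML are assumptions, and the sample action ids are constructed.

```python
"""Audit polkit action policies for allow_active grants that need no authentication.
Added example, not from the advisory; policy path and sample XML are assumptions."""
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed location of the udisks2 polkit policy on common distributions.
UDISKS_POLICY = Path("/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy")


def allow_active_grants(policy_xml: str, prefix: str = "") -> list:
    """Return the sorted action ids (starting with prefix) whose <allow_active>
    default is 'yes', i.e. granted to active local sessions with no prompt."""
    root = ET.fromstring(policy_xml)
    grants = []
    for action in root.iter("action"):
        action_id = action.get("id", "")
        if not action_id.startswith(prefix):
            continue
        node = action.find("./defaults/allow_active")
        value = (node.text or "").strip() if node is not None else "no"
        if value == "yes":
            grants.append(action_id)
    return sorted(grants)


# Constructed sample: one action granted to active sessions without any
# authentication, and one that still requires admin authentication.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.example.disk.modify-device">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.disk.open-device-system">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""


def audit(path: Path = UDISKS_POLICY) -> list:
    """Audit the real policy file if present, otherwise the constructed sample."""
    xml = path.read_text() if path.exists() else SAMPLE_POLICY
    return allow_active_grants(xml)


if __name__ == "__main__":
    for action_id in audit():
        print(f"no authentication for active sessions: {action_id}")
```

Any action reported here is reachable by a user who has merely been granted the "allow_active" state, so the list is the set of actions whose behaviour is worth reviewing and whose invocations are worth logging.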

Why is it noteworthy?

These vulnerabilities enable unprivileged users to escalate to root access, which can have severe consequences, including unauthorized system control, data breaches, or unauthorized code execution. The ability to execute arbitrary code with elevated privileges opens the door to widespread exploitation. The fact that these vulnerabilities can be chained together increases their danger. Attackers could first exploit CVE-2025-6018 to gain access to the system and then escalate to root privileges using CVE-2025-6019, amplifying the potential for damage. Organizations must take prompt action to mitigate the risk of exploitation.

What is the exposure or risk?

The exposure and risk of CVE-2025-6018 and CVE-2025-6019 are significant, especially for organizations using affected Linux distributions. The key risks include:

  • Data breach: After gaining root access, attackers can exfiltrate sensitive information, causing data breaches with potential legal, financial, and reputational consequences.
  • Operational disruption: The exploitation of these vulnerabilities can cause system interruptions, affecting business operations, services, and ultimately, customer trust.
  • System compromise: These vulnerabilities can serve as entry points for attackers to move laterally within the network, potentially compromising additional systems and data.
  • Unauthorized access: Attackers exploiting these vulnerabilities can manipulate system settings and gain access to sensitive data, posing a significant threat to organizational security.

What are the recommendations?

Barracuda recommends the following actions to secure your endpoints against these vulnerabilities:

  • Update affected products to the latest versions as soon as patches are available.
  • Review and strengthen access controls to ensure that only authorized personnel have access to critical systems.
  • Implement robust monitoring and logging practices to detect any unauthorized access attempts or suspicious activities.
  • Ensure that an incident response plan is in place to address potential exploitation of these vulnerabilities.
  • Educate users about the importance of security practices and the risks associated with privilege escalation.

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.
