{"uuid": "0985e8cc-e8ae-4280-9977-5896dbc3ed46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-6018", "type": "published-proof-of-concept", "source": "https://t.me/AfroHax/2904", "content": "CVE-2025-6018 & CVE-2025-6019 - Full Root Access on Linux\n\nWhat Happened :\n\nTwo chained local privilege escalation (LPE) vulnerabilities discovered by security researchers allow any local user on a vulnerable Linux system to escalate to root in seconds, with no zero-day required.\n\nVulnerabilities :\n\nCVE-2025-6018 - A flaw in PAM (Pluggable Authentication Module) configuration allows a user to falsely appear as 'active' (i.e. physically present), triggering elevated permissions.\n\nCVE-2025-6019 - A bug in udisks2/libblockdev enables mounting malicious XFS images and triggering a root-executing binary via filesystem manipulation.\n\nhttps://thehackernews.com/2025/06/new-linux-flaws-enable-full-root-access.html", "creation_timestamp": "2025-06-25T16:57:06.000000Z"}