Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.
The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the “allow_active” user.
The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enables an “allow_active” user to gain root permissions via the udisks daemon (a storage management service running on most Linux distributions).
While successfully abusing the two flaws as part of a “local-to-root” chain exploit lets attackers quickly gain root and completely take over a SUSE system, the libblockdev/udisks flaw is also extremely dangerous on its own.
“Although it nominally requires ‘allow_active’ privileges, udisks ships by default on almost all Linux distributions, so almost any system is vulnerable,” said Saeed Abbasi, Senior Manager at the Qualys TRU.
“Techniques to gain ‘allow_active’, including the PAM issue disclosed here, negate that barrier. An attacker can chain these vulnerabilities for immediate root compromise with minimal effort.”
The Qualys Threat Research Unit (TRU), which discovered and reported both flaws, has developed proof-of-concept exploits and successfully targeted CVE-2025-6019 to gain root privileges on Ubuntu, Debian, Fedora, and openSUSE Leap 15 systems.
Admins urged to patch immediately
The Qualys Security Advisory team has shared more technical details about these two vulnerabilities and linked to security patches in an Openwall post.
“Root access enables agent tampering, persistence, and lateral movement, so an unpatched server endangers the entire fleet. To eliminate this path, patch both PAM and libblockdev/udisks everywhere.”
“Given the ubiquity of udisks and the simplicity of exploitation, organizations should treat this as an important, universal risk and patch without delay.”
In recent years, Qualys researchers have discovered several other Linux security vulnerabilities that also allow attackers to hijack unpatched Linux systems in their default configuration.
The security flaws they discovered include one in Polkit (dubbed PwnKit), one in glibc's ld.so dynamic loader (Looney Tunables), one in the filesystem layer (dubbed Sequoia), and one in the Sudo Unix program.
Shortly after the disclosure of the Looney Tunables flaw, proof-of-concept (PoC) exploits were released online. A month later, attackers began exploiting it to steal cloud service provider (CSP) credentials using Kinsing malware.
Qualys also recently found five LPE vulnerabilities, introduced 10 years ago, in the needrestart utility used by default in Ubuntu Linux 21.04 and later.