Major Linux Distros Are Exposed To A Root-Level Security Threat, Update ASAP

Linux server administrators, it's time to get your patch on. The boffins at Qualys, a security firm well known for its excellent SSL configuration tester, found a pair of security vulnerabilities that, chained together, can grant any unprivileged user instant root (administrator) access.

The first vulnerability is the less impactful of the two, but it is the key to the root-access chain. Security bulletin CVE-2025-6018 describes a misconfiguration in the default settings of the PAM (Pluggable Authentication Module) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15. The issue is that the "allow_active" flag is erroneously granted to non-local unprivileged users, allowing them to perform some elevated-privilege actions. In other words, just SSH into the machine and you will likely be able to mount and unmount volumes, shut down and reboot the machine, and so on.


That's already not ideal, but it gets much worse when CVE-2025-6019 is involved. This is the big one: it is a flaw in the libblockdev library used by the udisks daemon (service), which is present by default in almost every Linux distribution. Presumably due to mishandled permissions, if the aforementioned "allow_active" setting is "yes", a standard user, even a remote one, can escalate to full root. To mitigate this, Qualys recommends altering the default polkit policy for "org.freedesktop.udisks2.modify-device", changing "allow_active" from "yes" to "auth_admin".
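A defender's check for the mitigation above, as an added example that is not from the article or from Qualys: it reads the "implicit active" field from `pkaction --verbose` output for the modify-device action and prints the polkit rule that downgrades it to auth_admin. The sample pkaction output is constructed, and the rule file path and the use of JavaScript rules (polkit 0.106 or newer) are assumptions.

```shell
# Added example: check the udisks2 modify-device polkit action and emit the
# hardening rule. Not part of the article or of Qualys' advisory.

# Echo the "implicit active" value (e.g. "yes" or "auth_admin") from
# the output of `pkaction --verbose --action-id <id>` passed as $1.
implicit_active() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*implicit active:[[:space:]]*//p'
}

# Succeed (exit 0) when active sessions still get the action for free,
# i.e. the policy is at the allow_active=yes default the advisory warns about.
needs_hardening() {
    [ "$(implicit_active "$1")" = "yes" ]
}

# Polkit rule (JavaScript syntax, polkit >= 0.106; assumed rule format) that
# forces administrator authentication for the modify-device action.
hardening_rule() {
    cat <<'EOF'
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.modify-device") {
        return polkit.Result.AUTH_ADMIN;
    }
});
EOF
}

# Constructed sample of pkaction output on an unpatched host (illustrative).
SAMPLE_VULNERABLE='org.freedesktop.udisks2.modify-device:
  description:       Modify a device
  implicit any:      auth_admin
  implicit inactive: auth_admin
  implicit active:   yes'

# Live check when pkaction is available on this host.
if command -v pkaction >/dev/null 2>&1; then
    live=$(pkaction --verbose --action-id org.freedesktop.udisks2.modify-device 2>/dev/null)
    if needs_hardening "$live"; then
        echo "modify-device still grants active sessions; install this rule:"
        hardening_rule
        # e.g. hardening_rule > /etc/polkit-1/rules.d/10-udisks2-modify-device.rules
    else
        echo "modify-device implicit active = $(implicit_active "$live")"
    fi
fi
```

The rule only closes the polkit side; the distribution's PAM and libblockdev updates are still required.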

Although the full details of the CVE reports are being withheld for now, Qualys understandably points out that these exploits pose a "critical, universal risk" and that every Linux administrator should patch their systems immediately.