Novel Linux flaw lets attackers get root access


Photo: Jivacore/Shutterstock.com

Two newly discovered Linux vulnerabilities allow attackers to gain root access on major Linux distros, including Debian, Fedora, Ubuntu, and SUSE Linux Enterprise 15 systems. Both bugs are local privilege escalation (LPE) vulnerabilities.

The two flaws are as follows:

  • CVE-2025-6018: Found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15. If exploited, it allows local attackers to gain “allow_active” user privileges.
  • CVE-2025-6019: Found in the libblockdev library and allows a local attacker to gain root privileges by exploiting the udisks daemon, a storage management service that runs on most modern Linux distros.

Both flaws were discovered and reported by security researchers from Qualys Threat Research Unit (TRU). Their report also highlights proof-of-concept exploits that successfully target CVE-2025-6019 to gain root privileges on Ubuntu, Debian, Fedora, and openSUSE Leap 15 systems.

Thankfully, security patches addressing the bugs have already been released. Since root access enables persistence, lateral network movement, and agent tampering, administrators are advised to treat the vulnerabilities as a “critical, universal risk and deploy patches without delay.” Exploitation of even a single unpatched server can endanger an entire network.

While Linux is comparatively more secure than more popular operating systems like Windows, it’s still vulnerable to odd bugs discovered every now and then. A set of novel vulnerabilities also discovered by TRU allows a local attacker to gain access to otherwise protected information and steal password hashes on Ubuntu, Red Hat Enterprise, and Fedora Linux systems.

Another novel piece of malware, the first-ever UEFI bootkit for Linux, also targeted Linux systems. It focused on compromising Linux environments, bypassing key security measures such as Secure Boot and kernel signatures.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
