{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6019", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-11T22:14:52.625Z", "datePublished": "2025-06-19T11:55:57.380Z", "dateUpdated": "2025-06-21T22:58:36.379Z"}, "containers": {"cna": {"title": "Libblockdev: lpe from allow_active to root in libblockdev via udisks", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libblockdev", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libblockdev", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libblockdev", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libblockdev", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6019", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370051", "name": "RHBZ#2370051", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"}], "datePublic": "2025-06-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges", "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "timeline": [{"lang": "en", "time": "2025-06-03T15:58:30.591000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-21T22:58:36.379Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/17/5"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/17/6"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/18/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-19T12:07:16.097Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-20T13:06:36.660382Z", "id": "CVE-2025-6019", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T13:11:22.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/17/5"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/17/6"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/18/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-19T12:07:16.097Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-20T13:06:36.660382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T13:06:37.751Z"}}], "cna": {"title": "Libblockdev: lpe from allow_active to root in libblockdev via udisks", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "libblockdev", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "libblockdev", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "libblockdev", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "libblockdev", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-03T15:58:30.591000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-17T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-06-17T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-6019", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370051", "name": "RHBZ#2370051", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"}], "workarounds": [{"lang": "en", "value": "Currently, no mitigation is available for this vulnerability."}], "descriptions": [{"lang": "en", "value": "A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-21T22:58:36.379Z"}, "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges"}}, "cveMetadata": {"cveId": "CVE-2025-6019", "state": "PUBLISHED", "dateUpdated": "2025-06-21T22:58:36.379Z", "dateReserved": "2025-06-11T22:14:52.625Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-19T11:55:57.380Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de Escalada de Privilegios Locales (LPE) en libblockdev. Generalmente, la configuraci\u00f3n \"allow_active\" de Polkit permite a un usuario f\u00edsicamente presente realizar ciertas acciones seg\u00fan el tipo de sesi\u00f3n. Debido a la forma en que libblockdev interact\u00faa con el daemon udisks, un usuario \"allow_active\" en un sistema puede escalar a privilegios de root completos en el host objetivo. Normalmente, udisks monta im\u00e1genes del sistema de archivos proporcionadas por el usuario con indicadores de seguridad como nosuid y nodev para evitar la escalada de privilegios. Sin embargo, un atacante local puede crear una imagen XFS especialmente manipulada que contenga un shell SUID-root y luego enga\u00f1ar a udisks para que la redimensione. Esto monta su sistema de archivos malicioso con privilegios de root, lo que le permite ejecutar su shell SUID-root y obtener el control total del sistema."}], "id": "CVE-2025-6019", "lastModified": "2025-06-21T23:15:24.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-19T12:15:19.727", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-6019"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370051"}, {"source": "secalert@redhat.com", "url": "https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/17/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/17/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/06/18/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libblockdev: LPE from allow_active to root in libblockdev via udisks", "id": "2370051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370051"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-250", "details": ["A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."], "mitigation": {"lang": "en:us", "value": "Currently, no mitigation is available for this vulnerability."}, "name": "CVE-2025-6019", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "libblockdev", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libblockdev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "libblockdev", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libblockdev", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6019\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6019\nhttps://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"], "statement": "While this vulnerability could allow a remote attacker to gain full control of the system, the default configuration of Red Hat offerings prevent such broad exploitation. Systems are at heightened risk if Policy Kit (polkit) were modified to allow remote users (for example SSH) to appear like regular local users. Due to the unlikely configuration required, the conditions to remotely exploit this vulnerability are typically not present, reducing the impact to Important.", "threat_severity": "Important"}