SB2025062059 - SUSE update for pam_pkcs11
Published: June 20, 2025 Updated: February 13, 2026
Security Bulletin ID
SB2025062059
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Configuration (CVE-ID: CVE-2025-6018)
The issue may allow a local user to escalate privileges on the system.
The issue exists due an error in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. An unprivileged user who logs in via sshd can force the pam_env module to add arbitrary variables to PAM's environment, leading to arbitrary code execution as root.
Remediation
Install update from vendor's website.