New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

June 20, 2025

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below –

CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
CVE-2025-6019 – LPE from allow_active to root in

Source: Read More

Previous ArticleOxford City Council Cyberattack Disrupts Services and Exposes Historic Election Data

Next Article Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Highlights

CVE-2025-5486 – WordPress WP Email Debug Privilege Escalation

June 6, 2025

CVE ID : CVE-2025-5486

Published : June 6, 2025, 7:15 a.m. | 33 minutes ago

Description : The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

I’ve tested dozens of robot vacuums. These are the three I recommend most to family and friends

These apps are quietly draining your phone battery – how to find and shut them down

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

I tested the world’s thinnest SSD enclosure – here’s why it’s the perfect PC accessory for me

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

NVIDIA GeForce NOW adds 13 more games, including Borderlands series & new co-op shooter

NVIDIA GeForce NOW adds 13 more games, including Borderlands series & new co-op shooter

DuckDuckGo browser expands Scam Blocker to catch more fake sites and scareware

Microsoft PowerToys ‘Peek’ tool makes file previews instant on Windows

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

This Isn’t Supposed to Happen: Troubleshooting the Impossible

CVE-2025-2394 – Ecovacs Home Android and iOS Mobile Apps Stored XSS Vulnerability

Hand TeX is a handwritten LaTeX symbol classifier

AlphaPlot generates 2D and 3D plots

CVE-2025-5486 – WordPress WP Email Debug Privilege Escalation

Biome v2 – codename: Biotype

CVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

NomadBSD is a persistent live system for USB flash drives

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Related Posts