{"id":"AZL-64113","summary":"CVE-2025-6020 affecting package pam for versions less than 1.5.1-8","details":"A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.","modified":"2026-04-21T04:32:18.051359Z","published":"2025-06-17T13:15:21Z","upstream":["CVE-2025-6020"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6020"}],"affected":[{"package":{"name":"pam","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/pam"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.1-8"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64113.json"}}],"schema_version":"1.7.5"}