{"id":"AZL-64142","summary":"CVE-2025-6020 affecting package pam for versions less than 1.5.3-5","details":"A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.","modified":"2026-04-21T04:32:18.323706Z","published":"2025-06-17T13:15:21Z","upstream":["CVE-2025-6020"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6020"}],"affected":[{"package":{"name":"pam","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/pam"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64142.json"}}],"schema_version":"1.7.5"}