Researchers Discover Linux Vulnerabilities Allowing Full Root Access

Cybersecurity researchers have discovered two Local Privilege Escalation (LPE) vulnerabilities that allow obtaining root privileges on machines running major Linux distributions. The vulnerabilities, identified by Qualys, are as follows: CVE-2025-6018, an LPE allowing a transition from an unprivileged user to allow_active in the Pluggable Authentication Modules (PAM) of SUSE 15, and CVE-2025-6019, an LPE allowing a transition from allow_active to root. These flaws could be exploited to gain full access as root on affected systems.