{"api_version":"1","generated_at":"2026-07-03T22:09:11+00:00","cve":"CVE-2025-6019","urls":{"html":"https://cve.report/CVE-2025-6019","api":"https://cve.report/api/cve/CVE-2025-6019.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-6019","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-6019"},"summary":{"title":"Libblockdev: lpe from allow_active to root in libblockdev via udisks","description":"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-06-19 12:15:19","updated_at":"2026-06-30 11:16:26"},"problem_types":["CWE-250","CWE-250 Execution with Unnecessary Privileges"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:9326","name":"https://access.redhat.com/errata/RHSA-2025:9326","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt","name":"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9878","name":"https://access.redhat.com/errata/RHSA-2025:9878","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9325","name":"https://access.redhat.com/errata/RHSA-2025:9325","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-6019","name":"https://access.redhat.com/security/cve/CVE-2025-6019","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9323","name":"https://access.redhat.com/errata/RHSA-2025:9323","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9328","name":"https://access.redhat.com/errata/RHSA-2025:9328","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370051","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2370051","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/","name":"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9320","name":"https://access.redhat.com/errata/RHSA-2025:9320","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9324","name":"https://access.redhat.com/errata/RHSA-2025:9324","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html","name":"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9327","name":"https://access.redhat.com/errata/RHSA-2025:9327","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/18/1","name":"http://www.openwall.com/lists/oss-security/2025/06/18/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9321","name":"https://access.redhat.com/errata/RHSA-2025:9321","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/5","name":"http://www.openwall.com/lists/oss-security/2025/06/17/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/6","name":"http://www.openwall.com/lists/oss-security/2025/06/17/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10796","name":"https://access.redhat.com/errata/RHSA-2025:10796","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:9322","name":"https://access.redhat.com/errata/RHSA-2025:9322","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://news.ycombinator.com/item?id=44325861","name":"https://news.ycombinator.com/item?id=44325861","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-6019","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6019","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:3.2.0-4.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","version":"unaffected 0:2.18-5.el7_9.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:2.28-7.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:2.19-13.el8_2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:2.24-6.el8_4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:2.24-9.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:2.24-9.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:2.24-9.el8_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","version":"unaffected 0:2.28-3.el8_8 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.28-14.el9_6 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:2.25-12.el9_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","version":"unaffected 0:2.28-5.el9_2 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:2.28-11.el9_4 * rpm","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-06-03T15:58:30.591Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-06-17T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Currently, no mitigation is available for this vulnerability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"6019","cve":"CVE-2025-6019","epss":"0.004230000","percentile":"0.340780000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-06-23T13:39:55.143Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/5"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/6"},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/18/1"},{"url":"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/"},{"url":"https://news.ycombinator.com/item?id=44325861"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"metrics":[{"other":{"content":{"id":"CVE-2025-6019","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-06-24T03:55:34.080434Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-26T17:50:28.586Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://github.com/storaged-project/libblockdev/","defaultStatus":"unaffected","packageName":"libblockdev","versions":[{"lessThan":"3.3.1","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.0-4.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.18-5.el7_9.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::crb"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.28-7.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.19-13.el8_2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24-6.el8_4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24-9.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24-9.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.24-9.el8_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.28-3.el8_8","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.28-14.el9_6","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.25-12.el9_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.28-5.el9_2","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","packageName":"libblockdev","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.28-11.el9_4","versionType":"rpm"}]}],"datePublic":"2025-06-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"Execution with Unnecessary Privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T10:40:27.164Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:10796","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10796"},{"name":"RHSA-2025:9320","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9320"},{"name":"RHSA-2025:9321","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9321"},{"name":"RHSA-2025:9322","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9322"},{"name":"RHSA-2025:9323","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9323"},{"name":"RHSA-2025:9324","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9324"},{"name":"RHSA-2025:9325","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9325"},{"name":"RHSA-2025:9326","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9326"},{"name":"RHSA-2025:9327","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9327"},{"name":"RHSA-2025:9328","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9328"},{"name":"RHSA-2025:9878","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:9878"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-6019"},{"name":"RHBZ#2370051","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370051"},{"url":"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"}],"timeline":[{"lang":"en","time":"2025-06-03T15:58:30.591Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-17T00:00:00.000Z","value":"Made public."}],"title":"Libblockdev: lpe from allow_active to root in libblockdev via udisks","workarounds":[{"lang":"en","value":"Currently, no mitigation is available for this vulnerability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-250: Execution with Unnecessary Privileges"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-6019","datePublished":"2025-06-19T11:55:57.380Z","dateReserved":"2025-06-11T22:14:52.625Z","dateUpdated":"2026-06-30T10:40:27.164Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-06-19 12:15:19","lastModifiedDate":"2026-06-30 11:16:26","problem_types":["CWE-250","CWE-250 Execution with Unnecessary Privileges"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-24T03:55:34.080434Z","id":"CVE-2025-6019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"6019","Ordinal":"1","Title":"Libblockdev: lpe from allow_active to root in libblockdev via ud","CVE":"CVE-2025-6019","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"6019","Ordinal":"1","NoteData":"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.","Type":"Description","Title":"Libblockdev: lpe from allow_active to root in libblockdev via ud"}]}}}