CVE-2025-24531

Public on 2025-02-08
Modified on 2025-02-08
Description
Possible Authentication Bypass in Error Situations

NOTE: http://www.openwall.com/lists/oss-security/2025/02/06/3
NOTE: Introduced with: http://github.com/OpenSC/pam_pkcs11/commit/bac6cf8e0b242e508e8b715e7f78d52f1227840a (pam_pkcs11-0.6.12)
NOTE: Fixed by: http://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a (pam_pkcs11-0.6.13)
DEBIANBUG: [1095402]
Severity
Critical severity
CVSS v3 Base Score
9.1

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | pam_pkcs11 | | | Not Affected |

CVSS Scores

| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |