vulnerability
Gentoo Linux: CVE-2025-23013: Yubico pam-u2f: Partial Authentication Bypass
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Jan 15, 2025 | Jan 24, 2025 | Mar 31, 2026 |
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Jan 15, 2025
Added
Jan 24, 2025
Modified
Mar 31, 2026
Description
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.
Solution
gentoo-linux-upgrade-sys-auth-pam_u2f
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.