vulnerability

Ubuntu: USN-7363-1 (CVE-2025-24531): PAM-PKCS#11 vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:N/C:C/I:C/A:N)	Feb 7, 2025	Mar 21, 2025	Jan 19, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:N)

Published

Feb 7, 2025

Added

Mar 21, 2025

Modified

Jan 19, 2026

Description

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)

It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)

Solution

ubuntu-upgrade-libpam-pkcs11

References

CVE-2025-24531
https://attackerkb.com/topics/CVE-2025-24531
CWE-393
UBUNTU-USN-7363-1
URL-https://ubuntu.com/security/notices/USN-7363-1
URL-https://www.cve.org/CVERecord?id=CVE-2025-24531
URL-https://www.openwall.com/lists/oss-security/2025/02/06/3

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today