VDB
AZL-64190
AZL-64190
PUBLISHED
CVSS 8.300000190734863 HIGH
CVE-2025-6019 affecting package libblockdev 3.2.0-1
Risk Scores
CVSS 4.0
8.300000190734863
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:3 | libblockdev | 0, 0 |
Exploit Intelligence
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- This is just a quick note on how to exploit these vulnerabilities to get root. (github-poc-repo)
- 0x5chltz/CVE-2025-6019 (github-poc-repo)
- CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Exploit (github-poc-repo)
- A Proof of Concept for chaining CVE-2025-6018 (PAM/Polkit Active Session Bypass) and CVE-2025-6019 (libblockdev SUID Mount Flaw) to achieve Local Privilege Escalation (LPE) on vulnerable Linux systems. (github-poc-repo)
- Auto exploit for CVE-2025-6018 & CVE-2025-6019 based on https://github.com/0rionCollector/Exploit-Chain-CVE-2025-6018-6019 (github-poc-repo)
- CVE-2025-6018 (pam LPE unpriv->allow_active), CVE-2025-6019 (udisks LPE allow_active->root) in sh (github-poc-repo)
- Exploit Chain of CVE-2025-6018 to CVE-2025-6019 (github-poc-repo)
- Vulnerability chaining leads to privilege escalation (github-poc-repo)
- tr3m0x/CVE-2025-6019 (github-poc-repo)
…and 23 more exploits
Timeline
- Jun 19, 2025 CVE Published
- Apr 21, 2026 CVE Updated