VDB
CVE-2025-6019
CVE-2025-6019
PUBLISHED
EPSS 0.03% · 9.3th percentile
Risk Scores
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | udisks2 | |
| Amazon | libblockdev |
Exploit Intelligence
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
…and 521 more exploits
Timeline
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 CVE Published
- Jun 17, 2025 PoC Published
- Jun 17, 2025 PoC Published
- Jun 18, 2025 PoC Published
- Jun 18, 2025 PoC Published
- Jun 18, 2025 PoC Published
References
- ALAS2-2025-2894: udisks2 (medium) advisory
- ALAS2-2025-2895: libblockdev (medium) advisory