DEBIAN-CVE-2025-6019
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libblockdev | 0, 0 |
| Debian:11 | libblockdev | 2.25-2, 0, 0 |
| Debian:12 | libblockdev | 2.28-2, 0, 0 |
| Debian:14 | libblockdev | 0, 0 |
Exploit Intelligence
- HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included. (github-poc-repo)
- This is just a quick note on how to exploit these vulnerabilities to get root. (github-poc-repo)
- 0x5chltz/CVE-2025-6019 (github-poc-repo)
- CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Exploit (github-poc-repo)
- A Proof of Concept for chaining CVE-2025-6018 (PAM/Polkit Active Session Bypass) and CVE-2025-6019 (libblockdev SUID Mount Flaw) to achieve Local Privilege Escalation (LPE) on vulnerable Linux systems. (github-poc-repo)
- Auto exploit for CVE-2025-6018 & CVE-2025-6019 based on https://github.com/0rionCollector/Exploit-Chain-CVE-2025-6018-6019 (github-poc-repo)
- CVE-2025-6018 (pam LPE unpriv->allow_active), CVE-2025-6019 (udisks LPE allow_active->root) in sh (github-poc-repo)
- Exploit Chain of CVE-2025-6018 to CVE-2025-6019 (github-poc-repo)
- Vulnerability chaining leads to privilege escalation (github-poc-repo)
- tr3m0x/CVE-2025-6019 (github-poc-repo)
…and 23 more exploits
Timeline
- Jun 19, 2025 CVE Published
- Apr 28, 2026 CVE Updated