PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation

Post by Shane1145 »

A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions.

The flaw, rated 7.8 (High) on the CVSS scale, allows local attackers to elevate privileges to root through a sophisticated race condition and symbolic link (symlink) manipulation.

Discovered in the pam_namespace module of Linux-PAM, the issue stems from improper handling of user-controlled paths during namespace setup.

https://gbhackers.com/poc-released-for-linux-pam-flaw/
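For a flaw in pam_namespace, the first defensive question is whether the module is enabled on a host at all. The following is an added example, not part of the original post or the linked article: it lists the active PAM rules that load `pam_namespace.so` and the polyinstantiated directories in `namespace.conf`. The sample configs are constructed, and flagging entries that use `$HOME` or `$USER` as the ones to review first is an assumption of this example.

```python
import os
import re

# Constructed samples (not from a real host): a pam.d service file and namespace.conf.
SAMPLE_PAM = """\
#%PAM-1.0
auth       include      system-auth
# session  required     pam_namespace.so
-session   required     pam_namespace.so unmnt_remnt
session    [success=1 default=ignore] \\
           /usr/lib64/security/pam_namespace.so
"""
SAMPLE_NS = """\
# polydir  instance_prefix    method  list_of_uids
/tmp       /tmp-inst/         level   root,adm
$HOME      $HOME/$USER.inst/  level   root,adm
"""
# type, control (plain word or [bracketed] form), module path, remaining arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$")

def logical_lines(text):
    """Drop '#' comments and join backslash-continued lines (simplified syntax)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def pam_namespace_rules(text):
    """Return (type, control, args) for each active rule loading pam_namespace.so."""
    matches = (RULE.match(line) for line in logical_lines(text))
    return [(m.group(1), m.group(2), m.group(4).strip()) for m in matches
            if m and os.path.basename(m.group(3)) == "pam_namespace.so"]

def polydirs(text):
    """Return (polydir, instance_prefix, method, per_user) per namespace.conf entry."""
    out = []
    for fields in (line.split() for line in logical_lines(text)):
        if len(fields) >= 3:
            # Assumption of this example: per-user expansions deserve review first.
            per_user = any(v in p for p in fields[:2] for v in ("$HOME", "$USER"))
            out.append((fields[0], fields[1], fields[2], per_user))
    return out

if __name__ == "__main__":
    print(pam_namespace_rules(SAMPLE_PAM), polydirs(SAMPLE_NS), sep="\n")
```

On a host, pass the contents of each file under `/etc/pam.d/` to `pam_namespace_rules` and the contents of `/etc/security/namespace.conf` to `polydirs`; an empty result from the first means no service loads the module.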