
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-6019 is a Local Privilege Escalation (LPE) vulnerability discovered in libblockdev that can be exploited via the udisks daemon. The vulnerability was discovered by Qualys researchers and disclosed on June 17, 2025. The issue affects most Linux distributions including Ubuntu, Debian, Fedora, and openSUSE Leap 15, where libblockdev and udisks are installed by default (Qualys Advisory).
The vulnerability exists in libblockdev's handling of mount options when resizing XFS filesystems. When an XFS filesystem resize is requested through udisks, libblockdev temporarily mounts the filesystem in /tmp without the nosuid and nodev flags. This oversight allows an attacker with 'allow_active' privileges to mount a specially crafted XFS image containing a SUID-root shell, which can then be executed to obtain root privileges. The vulnerability is particularly concerning because udisks is included by default on most Linux distributions (Help Net Security, Ubuntu Blog).
When successfully exploited, this vulnerability allows a local attacker with 'allow_active' privileges (typically a user with physical console access) to escalate their privileges to root. Once root access is achieved, an attacker can disable EDR agents, implant backdoors, modify system configurations, and potentially use the compromised system as a launchpad for wider organizational compromise (Help Net Security).
Patches have been released for affected distributions. Ubuntu has released updates for all supported versions, including 18.04 LTS through 25.04. The recommended mitigation is to apply the security updates immediately. If updates cannot be applied immediately, a temporary workaround involves modifying the polkit rule for org.freedesktop.udisks2.modify-device in /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy to change allow_active from 'yes' to 'auth_admin' (Ubuntu Blog).
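As an added example (not code from this entry, Ubuntu, or the udisks project), the following Python audits a polkit policy for the modify-device default described above and produces the hardened form; the policy XML it parses is a constructed sample shaped like the UDisks2 policy file, and a real audit would read the file at the path given above instead.

```python
# Added example, not code from the Wiz page or the udisks project: audit and
# harden the polkit default for org.freedesktop.udisks2.modify-device, which is
# the temporary workaround described above. The XML below is a constructed
# sample shaped like /usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy.
import xml.etree.ElementTree as ET

ACTION_ID = "org.freedesktop.udisks2.modify-device"

# Constructed sample: the weak default, where any active local session may
# modify devices (including the XFS resize path) without authenticating.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.udisks2.modify-device">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

def allow_active_for(policy_xml, action_id=ACTION_ID):
    """Return the <allow_active> default for action_id, or None if not present."""
    root = ET.fromstring(policy_xml)
    for action in root.iter("action"):
        if action.get("id") == action_id:
            node = action.find("defaults/allow_active")
            return node.text.strip() if node is not None and node.text else None
    return None

def is_weak(policy_xml):
    """True when active console users get modify-device with no authentication."""
    return allow_active_for(policy_xml) == "yes"

def harden(policy_xml):
    """Return the policy text with modify-device's allow_active set to auth_admin."""
    root = ET.fromstring(policy_xml)
    for action in root.iter("action"):
        if action.get("id") == ACTION_ID:
            node = action.find("defaults/allow_active")
            if node is not None:
                node.text = "auth_admin"
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("weak default:", is_weak(SAMPLE_POLICY))
    print("after hardening:", allow_active_for(harden(SAMPLE_POLICY)))
```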
Security experts emphasize the critical nature of this vulnerability, particularly when chained with other vulnerabilities like CVE-2025-6018. Saeed Abbasi, Senior Manager at Qualys, stated that 'these modern local-to-root exploits have collapsed the gap between an ordinary logged-in user and a full system takeover' and advised organizations to 'treat this as a critical, universal risk and deploy patches without delay' (Help Net Security).
Source: This report was generated using AI