UBUNTU-CVE-2025-23013

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-23013
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23013.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-23013
Upstream
Published
2025-01-15T04:15:00Z
Modified
2025-07-14T04:52:11Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
  • - medium
Summary
[none]
Details

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.

References

Affected packages

Ubuntu:Pro:16.04:LTS / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.0.3-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.1-1
1.0.2-1
1.0.3-1

Ubuntu:Pro:18.04:LTS / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.0.4-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.4-2

Ubuntu:Pro:20.04:LTS / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.0.8-1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.8-1

Ubuntu:22.04:LTS / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.1.0-1.1build1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0-1.1
1.1.0-1.1build1

Ubuntu:24.04:LTS / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.1.0-1.1build3?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0-1.1build1
1.1.0-1.1build2
1.1.0-1.1build3

Ubuntu:25.04 / pam-u2f

Package

Name
pam-u2f
Purl
pkg:deb/ubuntu/pam-u2f@1.3.1-1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-1

Affected versions

1.*

1.3.0-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libpam-u2f",
            "binary_version": "1.3.1-1"
        },
        {
            "binary_name": "libpam-u2f-dbgsym",
            "binary_version": "1.3.1-1"
        },
        {
            "binary_name": "pamu2fcfg",
            "binary_version": "1.3.1-1"
        },
        {
            "binary_name": "pamu2fcfg-dbgsym",
            "binary_version": "1.3.1-1"
        }
    ]
}