What is CVE-2025-23013?

CVE-2025-23013 is a vulnerability in Yubico Pam-u2f, classified under CWE-394. Published 2025-01-15.

Is CVE-2025-23013 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Yubico Pam-u2f

CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenti…

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.

Affected products

Yubico Pam-u2f — versions 0

Weakness classification (CWE)

CWE-394

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds
jfouret/ansible-yubico-pam
w4zu/Debian_

References

www.yubico.com/support/security-advisories/ysa-2025-01/

Frequently asked questions

What is CVE-2025-23013?: CVE-2025-23013 is a vulnerability in Yubico Pam-u2f, classified under CWE-394. Published 2025-01-15.
Is CVE-2025-23013 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.