Medium severity6.7OSV Advisory· Published Jan 16, 2026· Updated Apr 15, 2026
CVE-2025-24531
CVE-2025-24531
Description
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5pam_pkcs11-0.6.10, pam_pkcs11-0.6.11, pam_pkcs11-0.6.12, …+ 1 more
- (no CPE)range: pam_pkcs11-0.6.10, pam_pkcs11-0.6.11, pam_pkcs11-0.6.12, …
- (no CPE)range: <0.6.13
- osv-coords3 versionspkg:rpm/opensuse/pam_pkcs11&distro=openSUSE%20Tumbleweedpkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Micro%206.1
< 0.6.13-1.1+ 2 more
- (no CPE)range: < 0.6.13-1.1
- (no CPE)range: < 0.6.12-2.1
- (no CPE)range: < 0.6.12-slfo.1.1_3.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.