OpenSC pam_pkcs11 <=0.6.13 PAM Ignore Auth Bypass
CVE-2025-24531 Published on January 16, 2026
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
Weakness Type
Return of Wrong Status Code
A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status code can cause the software to assume that an action is safe, even when it is not.
Products Associated with CVE-2025-24531
Affected Versions
OpenSC project pam_pkcs11: versions before 0.6.13 (0.6.12 and below) are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.