CVE-2025-24531

Name	CVE-2025-24531
Description	Possible Authentication Bypass in Error Situations
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5864-1
Debian Bugs	1095402

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
pam-pkcs11 (PTS)	bullseye	0.6.11-4	fixed
	bookworm	0.6.12-1	vulnerable
	bookworm (security)	0.6.12-1+deb12u1	fixed
	trixie	0.6.12-2	vulnerable
	sid	0.6.13-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
pam-pkcs11	source	bullseye	(not affected)
pam-pkcs11	source	bookworm	0.6.12-1+deb12u1	DSA-5864-1
pam-pkcs11	source	(unstable)	0.6.13-1		1095402

Notes

[bullseye] - pam-pkcs11 <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2025/02/06/3
Introduced with: https://github.com/OpenSC/pam_pkcs11/commit/bac6cf8e0b242e508e8b715e7f78d52f1227840a (pam_pkcs11-0.6.12)
Fixed by: https://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a (pam_pkcs11-0.6.13)