CVE-2025-4598

Published May 30, 2025

Last updated 2 months ago

CVSS medium 4.7
systemd-coredump

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4598 is a race condition vulnerability found in systemd-coredump, a core dump handler present in Red Hat Enterprise Linux and Fedora. It allows a local attacker to force a SUID process to crash. The attacker can then replace it with a non-SUID binary, gaining access to the original process's privileged core dump. This access enables the attacker to read sensitive data loaded by the original process, such as contents from `/etc/shadow`, potentially exposing password hashes. The vulnerability arises because the attacker can force the Linux kernel to recycle the process ID (PID) before systemd-coredump analyzes the `/proc/pid/auxv` file, thus winning the race condition and gaining access to the core dump.

Description
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original privileged process's coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission that allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and forcing the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original SUID process's coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
Source: secalert@redhat.com
NVD status: Awaiting Analysis
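
The race described above needs two things: the kernel must be willing to dump core for a SUID process, and systemd-coredump must be the handler that receives the dump. The following is an added example, not part of the advisory or of systemd, that classifies a host from those two kernel settings. The function names and the constructed sample `core_pattern` line are assumptions, `fs.suid_dumpable=0` is the mitigation named in the posts quoted further down this page, and the script does not check whether the installed systemd already carries the fix.

```shell
# Added example (constructed; not part of the advisory or of systemd).
# Sample core_pattern a systemd host might show (constructed):
#   |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
#
# classify_coredump_exposure CORE_PATTERN SUID_DUMPABLE
#   prints:  mitigated | exposed | other-handler | unknown
#   returns: 0 = this path is closed
#            1 = open unless the installed systemd-coredump is patched
#            2 = values could not be interpreted
classify_coredump_exposure() {
    pattern=$1
    dumpable=$2

    # fs.suid_dumpable only takes the values 0, 1 and 2.
    case $dumpable in
        0|1|2) ;;
        *) echo "unknown"; return 2 ;;
    esac

    # 0: the kernel writes no core dump for a process that changed
    # credentials (SUID), so there is no privileged dump to race for.
    if [ "$dumpable" -eq 0 ]; then
        echo "mitigated"; return 0
    fi

    # A leading '|' means the kernel pipes the dump to a user-space helper.
    # Only systemd-coredump as that helper is in scope for CVE-2025-4598.
    case $pattern in
        "|"*systemd-coredump*) echo "exposed"; return 1 ;;
        *) echo "other-handler"; return 0 ;;
    esac
}

# Read the live values on a Linux host and classify them.
check_local_host() {
    classify_coredump_exposure \
        "$(cat /proc/sys/kernel/core_pattern 2>/dev/null)" \
        "$(cat /proc/sys/fs/suid_dumpable 2>/dev/null)"
}
```

Source the file and run `check_local_host` on the machine being audited; `other-handler` only means this CVE's path does not apply, since a different crash handler has its own exposure to assess.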

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.7
Impact score: 3.6
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

secalert@redhat.com
CWE-364

Social media

Hype score
Not currently trending
  1. Millions of Linux systems around the world are at risk. Recently, for Ubuntu, Redhat and Fedora Linux, two race condition vulnerabilities with the identifiers CVE-2025-5054 and CVE-2025-4598

    @AmirHossein_sec

    4 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. 📌 Two new Linux vulnerabilities, CVE-2025-5054 and CVE-2025-4598, discovered. Race condition flaws allow local attackers to access sensitive info. Apport and systemd-coredump tools affected. #CyberSecurity #Linux https://t.co/nDpC2qRNbB https://t.co/Eq96qy4vPA

    @CyberHub_blog

    4 Jun 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ CVE-2025-4598 in #Fedora 41’s systemd-coredump lets attackers leak core dumps. Patch IMMEDIATELY: sudo dnf upgrade --advisory FEDORA-2025-ba86bed822 Read more: 👉 https://t.co/PgUXf8knan https://t.co/tNMycnUo4q

    @Cezar_H_Linux

    3 Jun 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Critical Linux Alert! CVE-2025-5054 & CVE-2025-4598 could expose password hashes via core dumps on Ubuntu, RHEL & Fedora. 🔒 Mitigate fast with fs.suid_dumpable=0. At Seraph Cyber, we help you stay ahead. 📩 info@seraphcyber.com https://t.co/pAUxGjVFMT

    @Seraph2025

    3 Jun 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 📢 CRITICAL LINUX SECURITY VULNERABILITY – CVE-2025-5054 & CVE-2025-4598 Two separate “race condition” vulnerabilities target Linux core dump mechanisms and make it possible for attackers to obtain the password hashes in the "etc-shadow" file

    @GMDestekMerkezi

    3 Jun 2025

    41 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 📢 CRITICAL LINUX SECURITY VULNERABILITY – CVE-2025-5054 & CVE-2025-4598 🗓️ Publication Date: 3 June 2025 🔧 Highlights: 🎯 Targeted Modules: – CVE-2025-5054: Ubuntu’s Apport crash reporting system (apport ≤ 2.33.0) – CVE-2025-4598: Red Hat Enterpr

    @GMDestekMerkezi

    3 Jun 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Qualys reports that critical vulnerabilities CVE-2025-5054 and CVE-2025-4598 in Linux crash reporting tools like Apport and systemd-coredump expose password hashes. Learn more about these flaws and their implications. #Linux #CyberSecurity https://t.co/z0ynhktUkp

    @Cyber_O51NT

    3 Jun 2025

    284 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora CVE-2025-5054 and CVE-2025-4598 are race condition flaws allowing local attackers to access sensitive data in Linux crash reporting tools like Apport and systemd-coredump. https://t.co/1WVNmG0pvl

    @wikinger7

    2 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Qualys has disclosed two local information disclosure vulnerabilities CVE-2025-5054 in Ubuntu’s Apport and CVE-2025-4598 in systemd-coredump (used in RHEL 9/10 and Fedora). Both are race conditions that let attackers access core dumps of crashed SUID programs by replacing the

    @dCypherIO

    2 Jun 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Vulnerabilities CVE-2025-5054 in Apport and CVE-2025-4598 in systemd-coredump https://t.co/kmqxU8eLEk

    @abclinuxu

    2 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Linux Flaws Could Leak Sensitive Data Qualys found CVE-2025-5054 (Apport) and CVE-2025-4598 (systemd-coredump). These let local attackers read core dumps from privileged programs. 🔗https://t.co/2B1FAMWNvG #Linux #CyberSecurity #CVE

    @TuringCyberObs

    2 Jun 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598 https://t.co/iDgPq3dI6f #patchmanagement

    @eyalestrin

    2 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Linux users, patch now! CVE-2025-5054 & CVE-2025-4598 expose systems to data theft via core dumps. Mitigate IMMEDIATELY: `echo 0 > /proc/sys/fs/suid_dumpable`. Update ASAP! 🔐 #LinuxSecurity #Cybersecurity #VulnerabilityManagement https://t.co/9NylF8yu9R

    @fernandokarl

    2 Jun 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps. #ITSecurity https://t.co/VUSZLncLk0 Not all distros evidently, just Ubuntu and Red Hat Enterprise Linux, and Fedora.

    @seaarepea

    2 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. New Linux vulnerabilities: CVE-2025-5054 and CVE-2025-4598 https://t.co/Hr9Bt816TJ #apportvulnerability #confidentialityrisk #cve20254598 #cve20255054 #fedora #linuxflaws #passwordhashleakage #redhatenterpriselinux #suidexecutablecompromise #systemdcoredumpexploit #ubuntu

    @SajberInfoBlog

    1 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598 https://t.co/07A2K4IKHc

    @ytroncal

    1 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Two information disclosure #vulnerabilities were discovered in #Linux core dump handlers. CVE-2025-5054 and CVE-2025-4598 affect apport and systemd-coredump in Ubuntu, Red Hat Enterprise Linux, and Fedora. #ThreatIntelligence #CyberSecurity https://t.co/kms4NVkSPs

    @MalwarePatrol

    1 Jun 2025

    146 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Two Linux security holes (CVE-2025-5054, CVE-2025-4598) were discovered in Ubuntu, RHEL and Fedora! Local attackers can steal password hashes from SUID core dumps. Severity: medium. For protection, core du

    @realkourosh_1

    1 Jun 2025

    69 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps. The Hacker News | thehackernews ​ .com • May 31, 2025 https://t.co/AR4Zii92

    @elonmasai7

    1 Jun 2025

    51 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. systemd CVE-2025-4598 Debian Bug : 1106785 cc: @DevuanOrg (immune) https://t.co/70dUBQOVU0

    @bc1984adam

    1 Jun 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 New Linux vulnerabilities found in Ubuntu, RHEL and Fedora! CVE-2025-5054 and CVE-2025-4598, discovered by Qualys, may allow password hashes to be stolen via core dumps. By exploiting race condition vulnerabilities

    @_Ta_tsu_

    31 May 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Alert: New Linux vulnerabilities (CVE-2025-5054 & CVE-2025-4598) in Ubuntu, RHEL, Fedora allow password hash theft via core dumps. Update systems & apply mitigations promptly. Link: https://t.co/w0a4WUHtpO #Linux #Security #Vulnerability #CVE #Ubuntu #RHEL #Fedora #Updat

    @dailytechonx

    31 May 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 📌 Two vulnerabilities have been identified in the Linux operating system, relating to the apport and systemd-coredump programs on Ubuntu, RHEL and Fedora systems. These two vulnerabilities, registered as CVE-2025-5054 and CVE-2025-4598, may allow

    @Cybercachear

    31 May 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. ⚠️ Critical security flaws found in Ubuntu, RHEL & Fedora core dump handlers (CVE-2025-5054 & CVE-2025-4598). Time to patch! 🔒 #CyberSecurity #LinuxSecurity #PatchNow https://t.co/s7wWuSNzwY

    @NidaSaharBytes

    31 May 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Critical Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 in core dump handlers could lead to data leaks. Patch now. More info at: https://t.co/QFe7ctOyvJ #CyberSecurity #LinuxSecurity #CVE2025-5054 #CVE2025-4598

    @threatlight

    31 May 2025

    46 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. 🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes. Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling. PoC is public. Mitigations exist. Read: https://t.co/lCoKg5CirQ

    @TheHackersNews

    31 May 2025

    82595 Impressions

    75 Retweets

    226 Likes

    79 Bookmarks

    8 Replies

    4 Quotes

  27. CVE-2025-4598 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the origina… https://t.co/EGt0J9ky72

    @CVEnew

    30 May 2025

    401 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes