- Description
- Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
- Source
- security@ubuntu.com
- NVD status
- Modified
- Products
- apport, ubuntu_linux
CVSS 3.1
- Type
- Secondary
- Base score
- 4.7
- Impact score
- 3.6
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security@ubuntu.com
- CWE-362
- Hype score
- Not currently trending
🔒 Incluso Linux está en la mira de los ciberatacantes. CVE-2025-5054 y CVE-2025-4598 ponen en riesgo tus datos. 🚨 Un SOC 24/7 detecta amenazas antes de que causen daño. 📖 Detalles en nuestro blog: https://t.co/ilU3G15ZaU ✉️ Protégelo ahora: https://t.co/zdGjA6lW
@GruppoAvanti
30 Sept 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Linux vulnerabilities (CVE-2025-5054 & 4598) allow attackers to exploit race conditions by replacing privileged processes, potentially leaking sensitive info through tools like Apport. #SecurityAlert https://t.co/krA4kcPNkT
@Synapze_
3 Jul 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-5054: Core-Dump Password Hash Theft Vulnerability in #Ubuntu https://t.co/dSav2icrpM Educational Purposes!
@UndercodeUpdate
7 Jun 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
میلیون های سیستم لینوکسی در دنیا در معرض خطر هستند. به تازگی برای لینوکس های Ubuntu و Redhat و Fedora دو آسیب پذیری با کدهای شناسایی CVE-2025-5054 و CVE-2025-4598 از نوع race condition
@AmirHossein_sec
4 Jun 2025
26 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
📌 Two new Linux vulnerabilities, CVE-2025-5054 and CVE-2025-4598, discovered. Race condition flaws allow local attackers to access sensitive info. Apport and systemd-coredump tools affected. #CyberSecurity #Linux https://t.co/nDpC2qRNbB https://t.co/Eq96qy4vPA
@CyberHub_blog
4 Jun 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5054
@transilienceai
3 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical Linux Alert! CVE-2025-5054 & CVE-2025-4598 could expose password hashes via core dumps on Ubuntu, RHEL & Fedora. 🔒 Mitigate fast with fs.suid_dumpable=0. At Seraph Cyber, we help you stay ahead. 📩 info@seraphcyber.com https://t.co/pAUxGjVFMT
@Seraph2025
3 Jun 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 KRİTİK LİNUX GÜVENLİK AÇIĞI – CVE-2025-5054 & CVE-2025-4598 İki ayrı “race condition” zafiyeti, Linux çekirdek dökümü (core dump) mekanizmalarını hedef alıyor ve saldırganların "etc-shadow" dosyasındaki parola özetlerini ele geçirmesine olanak
@GMDestekMerkezi
3 Jun 2025
41 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 KRİTİK LİNUX GÜVENLİK AÇIĞI – CVE-2025-5054 & CVE-2025-4598 🗓️ Yayın Tarihi: 3 Haziran 2025 🔧 Öne Çıkanlar: 🎯 Hedef Modüller: – CVE-2025-5054: Ubuntu’nun Apport çökme raporlama sistemi (apport ≤ 2.33.0) – CVE-2025-4598: Red Hat Enterpr
@GMDestekMerkezi
3 Jun 2025
6 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Qualys reports that critical vulnerabilities CVE-2025-5054 and CVE-2025-4598 in Linux crash reporting tools like Apport and systemd-coredump expose password hashes. Learn more about these flaws and their implications. #Linux #CyberSecurity https://t.co/z0ynhktUkp
@Cyber_O51NT
3 Jun 2025
284 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
galera do arch também foi afetado pelo cve-2025-5054?
@patinhotech
3 Jun 2025
465 Impressions
0 Retweets
4 Likes
1 Bookmark
4 Replies
0 Quotes
🗣️ Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes https://t.co/j9orgrYoil
@fridaysecurity
2 Jun 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora CVE-2025-5054 and CVE-2025-4598 are race condition flaws allowing local attackers to access sensitive data in Linux crash reporting tools like Apport and systemd-coredump. https://t.co/1WVNmG0pvl
@wikinger7
2 Jun 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora A brief description of the two flaws is below CVE-2025-5054 (CVSS score: 4.7) - A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak https://
@Tech_Via_Tony
2 Jun 2025
77 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-5054 & 4598: Race conditions in Apport & systemd-coredump let local attackers extract password hashes from SUID crashes. Impacts Ubuntu, RHEL, Fedora. Patch or disable SUID core dumps to mitigate. #Linux #CVE2025 #CyberSecurity #PatchNow #InfoSec #SUID #CloneS
@CloneSystemsInc
2 Jun 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Qualys has disclosed two local information disclosure vulnerabilities CVE-2025-5054 in Ubuntu’s Apport and CVE-2025-4598 in "systemd-coredump (used in RHEL 9/10 and Fedora). Both are race conditions that let attackers access core dumps of crashed SUID programs by replacing the
@dCypherIO
2 Jun 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zranitelnosti CVE-2025-5054 v Apport a CVE-2025-4598 v systemd-coredump https://t.co/kmqxU8eLEk
@abclinuxu
2 Jun 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Linux Flaws Could Leak Sensitive Data Qualys found CVE-2025-5054 (Apport) and CVE-2025-4598 (systemd-coredump). These let local attackers read core dumps from privileged programs. 🔗https://t.co/2B1FAMWNvG #Linux #CyberSecurity #CVE
@TuringCyberObs
2 Jun 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598 https://t.co/iDgPq3dI6f #patchmanagement
@eyalestrin
2 Jun 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Linux users, patch now! CVE-2025-5054 & CVE-2025-4598 expose systems to data theft via core dumps. Mitigate IMMEDIATELY: `echo 0 > /proc/sys/fs/suid_dumpable`. Update ASAP! 🔐 #LinuxSecurity #Cybersecurity #VulnerabilityManagement https://t.co/9NylF8yu9R
@fernandokarl
2 Jun 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps. #ITSecurity https://t.co/VUSZLncLk0 Not all distros evidently, just Ubuntu and Red Hat Enterprise Linux, and Fedora.
@seaarepea
2 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Falha no Ubuntu (CVE-2025-5054) pode revelar dados sensíveis. Atualização já disponível! #ataque #computador #linux #mundo #segurança #ubuntu #vulnerabilidade https://t.co/ucEIlrV8dN
@TugaTech
1 Jun 2025
46 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nove Linux ranjivosti: CVE-2025-5054 i CVE-2025-4598 https://t.co/Hr9Bt816TJ #apportvulnerability #confidentialityrisk #cve20254598 #cve20255054 #fedora #linuxflaws #passwordhashleakage #redhatenterpriselinux #suidexecutablecompromise #systemdcoredumpexploit #ubuntu
@SajberInfoBlog
1 Jun 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598 https://t.co/07A2K4IKHc
@ytroncal
1 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two information disclosure #vulnerabilities were discovered in #Linux core dump handlers. CVE-2025-5054 and CVE-2025-4598 affect apport and systemd-coredump in Ubuntu, Red Hat Enterprise Linux, and Fedora. #ThreatIntelligence #CyberSecurity https://t.co/kms4NVkSPs
@MalwarePatrol
1 Jun 2025
146 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
دو حفره امنیتی لینوکس (CVE-2025-5054، CVE-2025-4598) در اوبونتو، RHEL و فدورا کشف شد! مهاجمان محلی میتونن هش رمزعبور رو از core dumpهای SUID بدزدن. شدت: متوسط. برای محافظت، core du
@realkourosh_1
1 Jun 2025
69 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps. The Hacker News | thehackernews .com • May 31, 2025 https://t.co/AR4Zii92
@elonmasai7
1 Jun 2025
51 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ubuntu・RHEL・Fedoraに新たなLinux脆弱性を発見! Qualysが発見したCVE-2025-5054とCVE-2025-4598により、コアダンプ経由でパスワードハッシュが窃取される可能性があります。 レースコンディション脆弱性を悪用し
@_Ta_tsu_
31 May 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: New Linux vulnerabilities (CVE-2025-5054 & CVE-2025-4598) in Ubuntu, RHEL, Fedora allow password hash theft via core dumps. Update systems & apply mitigations promptly. Link: https://t.co/w0a4WUHtpO #Linux #Security #Vulnerability #CVE #Ubuntu #RHEL #Fedora #Updat
@dailytechonx
31 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Due falle critiche minacciano Linux e vBulletin: rischio di RCE e furto dati Vulnerabilità, Apport, core dump, CVE-2025-48827, CVE-2025-5054, exploit PHP, Linux, PHP Reflection, systemd-coredump, vBulletin https://t.co/Feyu3T2wmK https://t.co/tgLcakSONV
@matricedigitale
31 May 2025
50 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
📢 ÇEKİRDEK YAMASI – Ubuntu Apport LSN-0112-1 Ubuntu ekibi tarafından yayımlanan LSN-0112-1 yaması, CVE-2025-5054 açığını kapatmak üzere apport paketini 2.32.0-0ubuntu5.1 sürümüne yükseltiyor. Bu yama, yerel bir kullanıcının SUID çekirdek dökümü (core du
@GMDestekMerkezi
31 May 2025
22 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 ÇEKİRDEK YAMASI – Ubuntu Apport LSN-0112-1 Ubuntu ekibi tarafından yayımlanan LSN-0112-1 yaması, CVE-2025-5054 açığını kapatmak üzere apport paketini 2.32.0-0ubuntu5.1 sürümüne yükseltiyor. Bu yama, yerel bir kullanıcının SUID çekirdek dökümü (core du
@GMDestekMerkezi
31 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 ÇEKİRDEK YAMASI – Ubuntu Apport LSN-0112-1 Ubuntu ekibi tarafından yayımlanan LSN-0112-1 yaması, CVE-2025-5054 açığını kapatmak üzere apport paketini 2.32.0-0ubuntu5.1 sürümüne yükseltiyor. Bu yama, yerel bir kullanıcının SUID çekirdek dökümü (core du
@GMDestekMerkezi
31 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 ÇEKİRDEK YAMASI – Ubuntu Apport LSN-0112-1 Ubuntu ekibi tarafından yayımlanan LSN-0112-1 yaması, CVE-2025-5054 açığını kapatmak üzere apport paketini 2.32.0-0ubuntu5.1 sürümüne yükseltiyor. Bu yama, yerel bir kullanıcının SUID çekirdek dökümü (core du
@GMDestekMerkezi
31 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 تم تحديد ثغرتين في نظام التشغيل لينوكس، تتعلقان ببرنامج applort وsystemd-coredump في أنظمة Ubuntu وRHEL وFedora. هاتان الثغرتان، المسجلتان كـ CVE-2025-5054 وCVE-2025-4598، قد تسمحان
@Cybercachear
31 May 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Critical security flaws found in Ubuntu, RHEL & Fedora core dump handlers (CVE-2025-5054 & CVE-2025-4598). Time to patch! 🔒 #CyberSecurity #LinuxSecurity #PatchNow https://t.co/s7wWuSNzwY
@NidaSaharBytes
31 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 in core dump handlers could lead to data leaks. Patch now. More info at: https://t.co/QFe7ctOyvJ #CyberSecurity #LinuxSecurity #CVE2025-5054 #CVE2025-4598
@threatlight
31 May 2025
46 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes. Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling. PoC is public. Mitigations exist. Read: https://t.co/lCoKg5CirQ
@TheHackersNews
31 May 2025
82595 Impressions
75 Retweets
226 Likes
79 Bookmarks
8 Replies
4 Quotes
CVE-2025-5054 Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When han… https://t.co/ZyB9OiWfeq
@CVEnew
30 May 2025
304 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Canonical’s security team has released updates for an Apport local information disclosure vulnerability. This update remediates CVE-2025-5054, which has a CVSS score of 4.7 (MEDIUM). Learn more about affected Ubuntu releases here: https://t.co/cipcFviWZm
@Canonical
30 May 2025
1053 Impressions
3 Retweets
21 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5054
@transilienceai
30 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2661E14-5C57-45A4-98B9-3ACBECBD57B9",
"versionEndIncluding": "2.32.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "BF90B5A4-6E55-4369-B9D4-E7A061E797D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DE07EF30-B50E-4054-9918-50EFA416073B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:25.04:*:*:*:*:*:*:*",
"matchCriteriaId": "E1AE2209-6CBC-4189-89ED-DA0FF100D77D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]