CVE-2025-14551

CWE-12583 documents3 sources
Severity
2.7LOW
EPSS
0.0%
top 87.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical Ubuntu
Timeline
PublishedApr 9

Description

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages1 packages

CVEListV5canonical/ubuntu24.04.4+2

🔴Vulnerability Details

2
CVEList
Senstive information disclosure was affecting subiquity2026-04-09
GHSA
GHSA-5p47-92qw-3767: In Ubuntu, Subiquity version 242026-04-09
CVE-2025-14551 (LOW CVSS 2.7) | In Ubuntu | cvebase.io