CVE-2025-15480Exposure of Sensitive System Information Due to Uncleared Debug Information in Ubuntu

CWE-1258Exposure of Sensitive System Information Due to Uncleared Debug Information3 documents3 sources
Severity
2.7LOWNVD
EPSS
0.1%
top 82.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical Ubuntu
Timeline
PublishedApr 9

Description

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages1 packages

CVEListV5canonical/ubuntu24.04.4+2

🔴Vulnerability Details

2
CVEList
Senstive information disclosure was affecting ubuntu-desktop-provision2026-04-09
GHSA
GHSA-24q9-g4p7-45qp: In Ubuntu, ubuntu-desktop-provision version 242026-04-09
CVE-2025-15480 — Canonical Ubuntu vulnerability | cvebase