CVE-2025-5467

CWE-7083 documents3 sources
Severity
1.9LOW
EPSS
0.0%
top 93.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Canonical Apport
Timeline
PublishedDec 10

Description

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5canonical/apport2.20.11-0ubuntu822.20.11-0ubuntu82.7+6
NVDcanonical/apport2.20.1-0ubuntu12.20.1-0ubuntu2.30+5

🔴Vulnerability Details

2
CVEList
Ubuntu Apport Insecure File Permissions Vulnerability2025-12-10
GHSA
GHSA-36f2-gj33-3mrm: It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership2025-12-10
CVE-2025-5467 (LOW CVSS 1.9) | It was discovered that process_cras | cvebase.io