cbcvebase.
CVE-2025-5467
published 2025-12-10

CVE-2025-5467: It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership…

low1.9CVSS 4.0
AVLACLATNPRLUINVCLVINVANSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

Affected

11 ranges
VendorProductVersion rangeFixed in
canonicalapport>= 2.20.1 < 2.20.1-0ubuntu2.30+esm52.20.1-0ubuntu2.30+esm5
canonicalapport>= 2.20.1-0ubuntu1 < 2.20.1-0ubuntu2.302.20.1-0ubuntu2.30
canonicalapport>= 2.20.11-0ubuntu27 < 2.20.11-0ubuntu27.282.20.11-0ubuntu27.28
canonicalapport>= 2.20.11-0ubuntu82 < 2.20.11-0ubuntu82.72.20.11-0ubuntu82.7
canonicalapport>= 2.20.9 < 2.20.9-0ubuntu7.29+esm12.20.9-0ubuntu7.29+esm1
canonicalapport>= 2.20.9-0ubuntu7 < 2.20.9-0ubuntu7.292.20.9-0ubuntu7.29
canonicalapport>= 2.28.1 < 2.28.1-0ubuntu3.62.28.1-0ubuntu3.6
canonicalapport>= 2.28.1-0ubuntu1 < 2.28.1-0ubuntu3.62.28.1-0ubuntu3.6
canonicalapport>= 2.32.0 < 2.32.0-0ubuntu5.12.32.0-0ubuntu5.1
canonicalapport>= 2.32.0-0ubuntu1 < 2.32.0-0ubuntu5.12.32.0-0ubuntu5.1
canonicalapport>= 2.33.0 < 2.33.0-0ubuntu12.33.0-0ubuntu1