CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.
Analysis
ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain those credentials if the user opts to report the installation failure: the flaw requires user interaction to trigger, but once triggered it exposes authentication material directly. A patch is available from Canonical via GitHub pull requests; EPSS and KEV status showed no active exploitation at the time of analysis.
Technical Context
ubuntu-desktop-provision is the desktop provisioning tool in Ubuntu responsible for system installation and configuration. The vulnerability stems from inadequate sanitization of diagnostic logs before they are transmitted to Launchpad's bug reporting system (CWE-1258: Insertion of Sensitive Information into Log File). When an installation fails, the application includes unfiltered user credentials, specifically password hashes, in the crash report attachments. The defect sits at the intersection of error handling, logging infrastructure and third-party service integration: sensitive material from configuration or credential stores is written to log files and submitted externally without any redaction or filtering step in between.
Affected Products
Canonical ubuntu-desktop-provision is affected in Ubuntu 24.04.4, 25.04, and 25.10 per ENISA EUVD-2025-209377. The CPE cpe:2.3:a:canonical:ubuntu:*:*:*:*:*:*:*:* indicates all Ubuntu distributions may be in scope, though the referenced affected versions narrow the impact to recent LTS and current releases. Ubuntu 22.04 LTS and earlier are not explicitly listed as affected; Ubuntu 24.04 LTS point releases prior to 24.04.4 may also be unaffected, depending on when the vulnerable code was introduced.
Remediation
A vendor patch is available via GitHub pull requests #1400 and #1399 to canonical/ubuntu-desktop-provision; apply it to affected systems as soon as possible. Upgrade ubuntu-desktop-provision to the patched version once those PRs are merged and shipped in an Ubuntu security update. Check Canonical's security notices (https://usn.ubuntu.com) for the exact patched package version, then apply it with apt update && apt upgrade ubuntu-desktop-provision or a full system update.

Workaround until the patch is deployed: users whose installation fails should not submit the bug report to Launchpad, or should review the crash logs and redact password hashes and any other sensitive data before submitting. System administrators should monitor Launchpad bug reports filed from affected Ubuntu versions and ask users to re-file without credential data whenever such a leak is found.
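The two missing controls described above, redaction of logs before external submission (Technical Context) and the manual review-and-redact workaround (Remediation), as an added Python example that is not part of this advisory or of the ubuntu-desktop-provision project. It scans a log for crypt(3)-style password hashes of the kind stored in /etc/shadow and for fields whose name suggests a credential, redacts both, and reports whether anything remains so an upload can be gated on the result. The log lines, field names and hash values are constructed for the example and do not reproduce the real installer's log format.

```python
import re

# Constructed sample: what a provisioning log might look like if the installer
# dumped its user configuration and the resulting shadow entry verbatim.
# Values are made up; they are not from the real ubuntu-desktop-provision logs.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z INFO  creating user 'alice'
2025-01-01T10:00:01Z DEBUG identity: {"realname": "Alice", "username": "alice", "hashedPassword": "$y$j9T$abcdefghijklmnop$QRSTUVWXYZ0123456789abcdefghijklmnopqrstuv"}
2025-01-01T10:00:02Z DEBUG shadow entry: alice:$6$rounds=5000$saltsalt$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijkl:19700:0:99999:7:::
2025-01-01T10:00:03Z INFO  cache dir is $HOME/.cache, disk budget $6 per GB
2025-01-01T10:00:04Z ERROR install step 'configure-users' failed with exit code 1
"""

# crypt(3)-style hashes as written to /etc/shadow: $id$[params$]salt$hash.
# id: 1 (MD5), 5 (SHA-256), 6 (SHA-512), y/gy (yescrypt, Ubuntu's default),
# 7 (scrypt), 2a/2b/2x/2y (bcrypt). Everything after the id uses the crypt
# alphabet plus '$', '=' and ',' for parameter fields (e.g. rounds=5000).
# A lone "$6" or "$HOME" does not match: the second '$' is required.
CRYPT_HASH_RE = re.compile(r"\$(?:1|5|6|y|gy|7|2[abxy])\$[A-Za-z0-9./+=,$]{8,}")

# key=value or JSON fields whose name suggests a credential. The value class
# excludes '[' so an already-inserted "[REDACTED]" placeholder never re-matches.
SECRET_FIELD_RE = re.compile(
    r"""(?i)(["']?\w*(?:password|passwd|secret|token)\w*["']?\s*[:=]\s*)(["']?)([^"'\s,}\[\]]+)\2"""
)

HASH_KIND = "crypt-style password hash"
FIELD_KIND = "secret-looking field"


def redact(text: str) -> str:
    """Return a copy of the log with credential material replaced by placeholders.

    Field-level redaction runs first so the key name stays visible for
    debugging; the hash regex then catches hashes outside any named field
    (e.g. a raw shadow entry).
    """
    text = SECRET_FIELD_RE.sub(
        lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]{m.group(2)}", text
    )
    return CRYPT_HASH_RE.sub("[REDACTED-HASH]", text)


def audit(text: str) -> list[tuple[int, str]]:
    """List (line_number, kind) for every line still carrying credential material.

    This is the pre-submission check: an empty result means nothing in the
    log matched either pattern.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if CRYPT_HASH_RE.search(line):
            findings.append((lineno, HASH_KIND))
        if SECRET_FIELD_RE.search(line):
            findings.append((lineno, FIELD_KIND))
    return findings


def is_safe_to_submit(text: str) -> bool:
    """True when the audit finds nothing; gate the upload on this, not on redact() alone."""
    return not audit(text)


if __name__ == "__main__":
    print("before:", audit(SAMPLE_LOG))
    cleaned = redact(SAMPLE_LOG)
    print(cleaned)
    print("after: ", audit(cleaned), "safe:", is_safe_to_submit(cleaned))
```

The field pattern deliberately errs on the side of over-redaction (a key such as token_expiry is scrubbed too); for a crash reporter that is the right trade-off, since a lost debugging detail is recoverable and a published hash is not. Running the audit rather than trusting the redaction is what turns this into a control: the submission path should refuse to upload while audit() returns anything.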
References
ENISA EUVD-2025-209377