CVE-2025-14551
Sensitive information disclosure affecting Subiquity
In short
Subiquity, Ubuntu's installer, may include plaintext Wi-Fi passwords in crash reports sent to Launchpad if installation fails and the user submits a bug report. This exposes sensitive credentials to an unintended audience.
Technical detail
A CWE-1258 information exposure vulnerability in Subiquity 24.04.4: crash logs transmitted to Launchpad during bug reporting may contain plaintext user credentials, including Wi-Fi passwords. The attack vector requires user action (submitting a crash report), but the issue impacts the confidentiality of authentication secrets.
Summary generated and translated by AI from the official description.
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U
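A pre-submission check for the exposure described above, as an added example that is not Subiquity's or Canonical's code: it scans log text for credential-looking values and redacts them before a report is attached. The key names (`password`, as used in netplan access-point config, and `psk`) and the sample log are assumptions; the advisory does not say which log file or format carries the Wi-Fi password.

```python
import re

# Assumed key names: netplan's access-point "password" and a "psk" field.
# The advisory does not say which log or format carries the secret.
SECRET_RE = re.compile(
    r"""(?P<key>["']?(?:password|psk)["']?\s*[:=]\s*)"""
    r"""(?P<val>"[^"]*"|'[^']*'|[^\s,}]+)""",
    re.IGNORECASE,
)
PLACEHOLDER = "<REDACTED>"


def find_secrets(text):
    """Return (line_number, key_name) for every unredacted secret-looking value."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_RE.finditer(line):
            if m.group("val") != PLACEHOLDER:
                key = re.sub(r"[^A-Za-z]", "", m.group("key")).lower()
                hits.append((lineno, key))
    return hits


def redact(text):
    """Replace each matched value with a placeholder, keeping the key for context."""
    return SECRET_RE.sub(lambda m: m.group("key") + PLACEHOLDER, text)


# Constructed sample: a netplan-style fragment and a dict repr as they might
# appear in an installer log. Not taken from a real crash report.
SAMPLE_LOG = """\
2025-01-01 12:00:00 DEBUG applying network config
  wifis:
    wlan0:
      access-points:
        "ExampleNet":
          password: "constructed-passphrase"
2025-01-01 12:00:01 DEBUG ap={'ssid': 'ExampleNet', 'psk': 'constructed-passphrase'}
2025-01-01 12:00:02 ERROR install failed
"""

if __name__ == "__main__":
    for lineno, key in find_secrets(SAMPLE_LOG):
        print(f"line {lineno}: value of '{key}' would be shared")
    print(redact(SAMPLE_LOG))
```

A clean result from `find_secrets` only means none of the assumed key names matched; review the attached logs by hand before submitting, and rotate any Wi-Fi passphrase that was already uploaded.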
Affected products
Canonical · Ubuntu