Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14551

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-09 Apr, 2026 | 15:03
Updated At-10 Apr, 2026 | 13:54
Rejected At-
Credits

Senstive information disclosure was affecting subiquity

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:09 Apr, 2026 | 15:03
Updated At:10 Apr, 2026 | 13:54
Rejected At:
▼CVE Numbering Authority (CNA)
Senstive information disclosure was affecting subiquity

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

Affected Products
Vendor
Canonical Ltd.Canonical
Product
Ubuntu
Collection URL
https://github.com/canonical
Package Name
subiquity
Repo
https://github.com/canonical/subiquity
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From 0 through 24.04.4 (custom)
  • From 0 through 25.10 (custom)
  • From 0 through 25.04 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1258CWE-1258 Exposure of sensitive system information due to uncleared debug information
Type: CWE
CWE ID: CWE-1258
Description: CWE-1258 Exposure of sensitive system information due to uncleared debug information
Metrics
VersionBase scoreBase severityVector
4.02.7LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U
Version: 4.0
Base score: 2.7
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/canonical/subiquity/pull/2358
patch
issue-tracking
https://github.com/canonical/subiquity/pull/2357
patch
issue-tracking
Hyperlink: https://github.com/canonical/subiquity/pull/2358
Resource:
patch
issue-tracking
Hyperlink: https://github.com/canonical/subiquity/pull/2357
Resource:
patch
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:09 Apr, 2026 | 16:16
Updated At:17 Apr, 2026 | 20:17

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.7LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 2.7
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CPE Matches
Canonical Ltd.
canonical
>>ubuntu_subiquity>>24.04.4
cpe:2.3:a:canonical:ubuntu_subiquity:24.04.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1258Secondarysecurity@ubuntu.com
CWE ID: CWE-1258
Type: Secondary
Source: security@ubuntu.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/canonical/subiquity/pull/2357security@ubuntu.com
Issue Tracking
Patch
https://github.com/canonical/subiquity/pull/2358security@ubuntu.com
Issue Tracking
Patch
Hyperlink: https://github.com/canonical/subiquity/pull/2357
Source: security@ubuntu.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/canonical/subiquity/pull/2358
Source: security@ubuntu.com
Resource:
Issue Tracking
Patch

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-15480
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-2.7||LOW
EPSS-0.05% / 16.05%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:02
Updated-17 Apr, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Senstive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_desktop_provisionUbuntu
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2019-11455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.77% / 82.73%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:06
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

Action-Not Available
Vendor-tildeslashn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxmonitdebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
Details not found