
Apport and systemd-coredump exposed local data due to two identified vulnerabilities: CVE-2025-5054 and CVE-2025-4598, uncovered by Qualys TRU.

Apport and systemd-coredump, two essential Linux utilities, have been found to contain race conditions by the Qualys Threat Research Unit (TRU). These conditions, if exploited, could lead to the disclosure of sensitive system information.

In a recent discovery by the Qualys Threat Research Unit (TRU), two local information-disclosure vulnerabilities have been found in Apport, Ubuntu's built-in crash-reporting framework, and systemd-coredump, a framework commonly employed by systemd-based distributions for handling core dumps. These vulnerabilities, identified as CVE-2025-5054 and CVE-2025-4598, pose significant security risks to enterprises.

For Apport, versions up to 2.33.0 are affected, and every Ubuntu release since 16.04 is impacted. The race conditions in this vulnerability allow a local attacker to exploit a SUID program and gain read access to the resulting core dump. Similarly, for systemd-coredump, versions across various distributions including Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are vulnerable.

These vulnerabilities put confidentiality at high risk, as attackers could potentially extract sensitive data, such as passwords, encryption keys, or customer information, from core dumps. Qualys TRU has developed proofs of concept (POCs) for these vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process to obtain password hashes from the /etc/shadow file.

To mitigate these vulnerabilities, setting the parameter to 0 disables core dumps for all SUID programs, preventing the dumping of sensitive in-memory data to disk. Debian systems aren't vulnerable by default, as they don't include any core-dump handler unless the user manually installs the systemd-coredump package.
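
An added example (not from Qualys or the original article): a POSIX shell check that reads the kernel's core-dump settings and reports whether SUID core dumps can still reach Apport or systemd-coredump. It assumes the parameter referred to above is the `fs.suid_dumpable` sysctl, which the page does not name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the core-dump settings relevant to CVE-2025-5054 / CVE-2025-4598.
# Assumption: "the parameter" in the mitigation is the kernel sysctl fs.suid_dumpable.

# Identify which handler the kernel core_pattern hands crashes to.
classify_handler() {
    case "$1" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# Combine fs.suid_dumpable with the handler into a verdict.
#   0 = SUID processes are not dumped (the mitigation)
#   1 = all processes dump; 2 = "suidsafe": SUID dumps still reach a pipe handler
assess() {
    dumpable=$1
    handler=$(classify_handler "$2")
    case "$dumpable" in
        0) echo "mitigated: SUID core dumps disabled" ;;
        1|2)
            case "$handler" in
                apport|systemd-coredump)
                    echo "review: SUID core dumps reach $handler; check package version" ;;
                *)  echo "not-applicable: core_pattern handler is $handler" ;;
            esac ;;
        *) echo "unknown: unexpected fs.suid_dumpable value '$dumpable'" ;;
    esac
}

# Read the live values; the root defaults to /proc/sys but can be overridden.
check_host() {
    root=${1:-/proc/sys}
    if [ -r "$root/fs/suid_dumpable" ] && [ -r "$root/kernel/core_pattern" ]; then
        assess "$(cat "$root/fs/suid_dumpable")" "$(cat "$root/kernel/core_pattern")"
    else
        echo "unknown: cannot read $root"
    fi
}

check_host "${1:-}"
```

A "review" verdict means the handler is one of the two affected components and SUID dumps are enabled; whether the host is actually vulnerable still depends on the installed package version.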

Qualys Cloud Agent customers can use the TruRisk™ Eliminate module to efficiently assign IG QIDs and mitigate the risks. To address this risk using the TruRisk Eliminate module, visit the VMDR and Vulnerabilities tab, select the vulnerabilities, and use Actions -> View Risk Eliminate or Create Mitigation Job. Thorough testing in a controlled environment is recommended before using the feature to confirm compatibility and maintain system stability.

It's important to note that both vulnerabilities are race-condition vulnerabilities. The original version of systemd-coredump is part of the systemd suite developed by Lennart Poettering and others starting around 2010, while Apport was originally developed by Canonical Ltd. for Ubuntu to handle crash reporting starting around 2006.

Qualys is releasing QIDs for these vulnerabilities as they become available. For more technical details about the vulnerabilities, visit the provided link.

Mitigation is an essential component of any comprehensive cybersecurity strategy, providing a critical layer of defense when patches are absent. To start a trial of the TruRisk Eliminate module, visit the provided link or connect with your Technical Account Manager (TAM).
