Platform: linux
Component: ubuntu-desktop-provision
Fixed in: 25.10.1
CVE-2025-15480 affects the ubuntu-desktop-provision tool in Ubuntu. The vulnerability allows for the potential leakage of sensitive user credentials, specifically password hashes, during crash reporting. This occurs when a bug report is submitted to Launchpad following a failed installation. The vulnerability impacts versions 0.0.0–25.10.
An attacker exploiting CVE-2025-15480 could obtain password hashes from crash reports submitted to Launchpad. While these hashes are not immediately usable, they could be subjected to offline cracking attempts, potentially compromising user accounts. The impact is particularly severe because the flaw affects a core Ubuntu provisioning tool and so may reach a large number of users. The blast radius extends to all users who experience installation failures and submit bug reports.
CVE-2025-15480 was published on 2026-04-09. Its exploitation probability is currently unknown, and severity is pending evaluation. Public proof-of-concept (POC) code is not yet available. Monitor security advisories and vulnerability databases for updates.
Exploit status
EPSS: 0.06% (17th percentile)
CISA SSVC
Due to the lack of a fixed version, mitigation focuses on workarounds. Disable automatic crash reporting for ubuntu-desktop-provision. If crash reporting is essential, carefully review crash reports before submitting them to Launchpad to ensure no sensitive information is included. Implement stricter access controls on Launchpad bug reports to limit who can view them. Monitor Launchpad for any suspicious activity related to ubuntu-desktop-provision. There is no verification step beyond ensuring crash reports are not submitted with sensitive data.
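One way to carry out the manual review step above before a report is attached to a Launchpad bug, as an added example that is not code from Canonical or from this page. It assumes the leaked hashes are crypt(3) modular-format strings as stored in /etc/shadow; the script name and the sample report text are constructed for illustration.

```python
import re
import sys

# Assumption: hashes are crypt(3) modular-format strings as stored in
# /etc/shadow: $id$[params$][salt$]hash. The advisory does not name the scheme.
CRYPT_HASH = re.compile(
    r"\$(1|2[abxy]?|5|6|7|y|gy)\$"   # scheme id (md5, bcrypt, sha256/512, scrypt, yescrypt)
    r"(?:[./A-Za-z0-9=,]+\$)*"       # optional parameter and salt segments
    r"[./A-Za-z0-9]{20,}"            # the hash itself
)

def find_hashes(text):
    """Return (line_number, scheme_id) for every hash-like string in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in CRYPT_HASH.finditer(line):
            hits.append((n, m.group(1)))
    return hits

def redact(text):
    """Replace each hash with a marker that keeps only the scheme id."""
    return CRYPT_HASH.sub(lambda m: f"${m.group(1)}$<REDACTED>", text)

# Constructed sample: not real installer output and not real hashes.
SAMPLE = "\n".join([
    "installer: step 4 failed",
    "identity: username=alice password=$6$rounds=5000$examplesalt$" + "A" * 86,
    "users: - name: bob",
    "  passwd: $y$j9T$" + "s" * 22 + "$" + "B" * 43,
    "price: $5 and $6 are not hashes",
])

if __name__ == "__main__":
    # Usage: python3 scan_report.py REPORT_FILE  (no argument scans SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    hits = find_hashes(data)
    for line_no, scheme in hits:
        print(f"line {line_no}: crypt hash found, scheme ${scheme}$")
    # Non-zero exit lets a wrapper script block submission when anything is found.
    sys.exit(1 if hits else 0)
```

A clean result only means no crypt-style hash was matched; the report should still be read for other sensitive fields before it is submitted.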
Update the ubuntu-desktop-provision package to a fixed version. Canonical has published fixes in versions later than the affected ones. See the Ubuntu release notes for more details on the available updates.
CVE-2025-15480 is a vulnerability in Ubuntu Desktop Provision 0.0.0–25.10 where password hashes can be leaked in bug reports during installation failures, potentially exposing user credentials.
You are potentially affected if you are using Ubuntu Desktop Provision version 0.0.0–25.10 and have experienced installation failures requiring you to submit a bug report to Launchpad.
The recommended fix is to upgrade to a patched version of Ubuntu Desktop Provision. Until a patch is available, disable automatic bug report submission during installation failures.
Currently, there are no publicly known active exploitation campaigns targeting CVE-2025-15480, but continuous monitoring is advised.
Refer to the official Ubuntu security advisories at https://ubuntu.com/security for updates and guidance related to CVE-2025-15480.