CVE-2025-14551 PUBLISHED

Senstive information disclosure was affecting subiquity

Assigner: canonical
Reserved: 11.12.2025 Published: 09.04.2026 Updated: 09.04.2026

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U
CVSS Score: 2.7

Product Status

Vendor Canonical
Product Ubuntu
Versions Default: unaffected
  • affected from 0 to 24.04.4 (incl.)
  • affected from 0 to 25.10 (incl.)
  • affected from 0 to 25.04 (incl.)

References

Problem Types

  • CWE-1258 Exposure of sensitive system information due to uncleared debug information CWE