CVE-2025-15480 PUBLISHED

Senstive information disclosure was affecting ubuntu-desktop-provision

Assigner: canonical
Reserved: 07.01.2026 Published: 09.04.2026 Updated: 09.04.2026

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U
CVSS Score: 2.7

Product Status

Vendor Canonical
Product Ubuntu
Versions Default: unaffected
  • affected from 0 to 24.04.4 (incl.)
  • affected from 0 to 25.10 (incl.)
  • affected from 0 to 25.04 (incl.)

References

Problem Types

  • CWE-1258 Exposure of sensitive system information due to uncleared debug information CWE