CVE-2025-5467

EUVD-2025-202585
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
canonicalapport
2.20.1-0ubuntu1 ≤
𝑥
< 2.20.1-0ubuntu2.30
canonicalapport
2.20.9-0ubuntu7 ≤
𝑥
< 2.20.9-0ubuntu7.29
canonicalapport
2.20.11-0ubuntu27 ≤
𝑥
< 2.20.11-0ubuntu27.28
canonicalapport
2.20.11-0ubuntu82 ≤
𝑥
< 2.20.11-0ubuntu82.7
canonicalapport
2.28.1-0ubuntu1 ≤
𝑥
< 2.28.1-0ubuntu3.6
canonicalapport
2.32.0-0ubuntu1 ≤
𝑥
< 2.32.0-0ubuntu5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/apport/+bug/2106338
https://www.stratascale.com/resource/cve-2025-32462-ubuntu-apport-vulnerability/