Recently discovered CVEs on Linux systems demonstrate the risk they pose to sensitive data. The Qualys Threat Research Unit (TRU) has discovered two major vulnerabilities, tracked as CVE-2025-5054 and CVE-2025-4598. These flaws affect popular distros like Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora.
CVE-2025-5054 is a race condition vulnerability found in the Canonical apport package. With a CVSS score of 4.7, it impacts all versions up to and including 2.32.0. This vulnerability lets local attackers leak sensitive information via PID reuse through the use of namespaces. The apport tool, which is used for automatic crash reporting and core dumps, has been criticized for this serious privacy hole.
CVE-2025-4598, which also has a CVSS score of 4.7, is likewise a race condition, this time in systemd-coredump. This vulnerability allows a local attacker to crash any Set User ID (SUID) process. After the crash, they can switch it out with a non-SUID binary. As a result, the attacker obtains the core dump of the original privileged process. This access allows malicious users to read sensitive data, including the contents of /etc/shadow.
Canonical’s Octavio Galland commented on the apport vulnerability, noting that “when analyzing application crashes, apport attempts to detect if the crashing process was running inside a container before performing consistency checks on it.” However, this effort at hardening the security doesn’t reduce the risk associated with CVE-2025-5054 to an acceptable level.
“The impact of CVE-2025-5054 is restricted to the confidentiality of the memory space of invoked SUID executables and that the PoC exploit can leak hashed user passwords has limited real-world impact.” – Canonical
Similar vulnerabilities were discovered and patched by Red Hat, among others. In doing so, Red Hat cautioned that applying the mitigation would disable important crash-analysis functionality for affected binaries.
“While this mitigates this vulnerability while it’s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.” – Red Hat
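The trade-off Red Hat describes can be checked on a host. The script below is an added example, not code from Qualys, Canonical or Red Hat; it assumes the mitigation in question is the kernel's `fs.suid_dumpable` sysctl set to 0 (the quote does not name the setting), and the function names `core_handler` and `assess` are illustrative.

```shell
#!/bin/sh
# Added example: audit whether SUID crashes can reach apport or systemd-coredump.
# Assumption: the mitigation Red Hat describes is fs.suid_dumpable=0.

# Map a kernel.core_pattern value to the handler that receives core dumps.
core_handler() {
    case "$1" in
        "|"*apport*)            echo apport ;;
        "|"*systemd-coredump*)  echo systemd-coredump ;;
        "|"*)                   echo other-pipe ;;
        "")                     echo unknown ;;
        *)                      echo file ;;
    esac
}

# assess CORE_PATTERN SUID_DUMPABLE -> one-line verdict on stdout.
assess() {
    handler=$(core_handler "$1")
    case "$2" in
        # 0: the kernel never dumps core for SUID processes, so neither
        # handler sees them (and their crashes can no longer be analyzed).
        0) echo "mitigated: SUID processes do not dump core (handler: $handler)"; return ;;
        # 1 (debug) and 2 (suidsafe) both let a pipe handler receive SUID dumps.
        1|2) ;;
        *) echo "unknown: could not read fs.suid_dumpable"; return ;;
    esac
    case "$handler" in
        apport)           echo "exposed-if-unpatched: apport receives SUID dumps (CVE-2025-5054)" ;;
        systemd-coredump) echo "exposed-if-unpatched: systemd-coredump receives SUID dumps (CVE-2025-4598)" ;;
        *)                echo "not-these-cves: handler is $handler" ;;
    esac
}

# Live check on the current host; values are empty if /proc is unavailable.
assess "$(cat /proc/sys/kernel/core_pattern 2>/dev/null)" \
       "$(cat /proc/sys/fs/suid_dumpable 2>/dev/null)"
```

An "exposed-if-unpatched" verdict means the fix depends on the installed apport or systemd package being updated, which the script does not check.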
Saeed Abbasi from Qualys highlighted the potential consequences of these vulnerabilities, stating that “the exploitation of vulnerabilities in Apport and systemd-coredump can severely compromise the confidentiality at high risk, as attackers could extract sensitive data, like passwords, encryption keys, or customer information from core dumps.”
Further, Qualys has provided fully working proof-of-concept (PoC) code for both vulnerabilities. This sample code demonstrates precisely how an attacker could use a core dump of a crashed unix_chkpwd process to their advantage. Such exploitation further underscores how important it is for individuals and institutions to quickly install security updates.
Debian systems are not vulnerable to CVE-2025-4598 by default. For Ubuntu, RHEL, and Fedora users, the risks are extremely high. The consequences of these vulnerabilities are operational downtime, reputational harm, and the risk of not meeting regulatory requirements.
“To mitigate these multifaceted risks effectively, enterprises should adopt proactive security measures by prioritizing patches and mitigations, enforcing robust monitoring, and tightening access controls.” – Saeed Abbasi