CVE-2025-14551— Senstive information disclosure was affecting subiquity
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-14551
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Senstive information disclosure was affecting subiquity
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1258
Source: NVD (National Vulnerability Database)
Vulnerability Title
Canonical Subiquity 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Canonical Subiquity是英国科能软件(Canonical)公司的一款Ubuntu服务器安装程序。 Canonical Subiquity 24.04.4版本存在安全漏洞,该漏洞源于崩溃报告处理不当,可能导致敏感凭据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-14551
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-14551
请登录查看更多情报信息。
Same Patch Batch · Canonical · 2026-04-09 · 5 CVEs total
| CVE-2026-34178 | 9.1 CRITICAL | Importing a crafted backup leads to project restriction bypass |
| CVE-2026-34179 | 9.1 CRITICAL | Update of type field in restricted TLS certificate allows privilege escalation to cluster |
| CVE-2026-34177 | 9.1 CRITICAL | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf |
| CVE-2025-15480 | Senstive information disclosure was affecting ubuntu-desktop-provision |
IV. Related Vulnerabilities
Same vendor: Canonical
- CVE-2026-6970
authd Denial of Service and Local Privilege Escalation - CVE-2026-6369
Exposed Session Token in canonical-livepatch client snap - CVE-2026-5412
Juju CloudSpec API could leak senstive information - CVE-2026-5774
Juju API Server Denial of Service and Authentication Replay - CVE-2025-15480
Senstive information disclosure was affecting ubuntu-desktop
Same weakness: CWE-1258
- CVE-2025-15480
Senstive information disclosure was affecting ubuntu-desktop - CVE-2026-26948
Dell Integrated Dell Remote Access Controller 安全漏洞 - CVE-2025-26482
Dell PowerEdge Server BIOS和Dell iDRAC9 安全漏洞 - CVE-2025-32257
WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sens - CVE-2023-48308
Calendar app returns full stacktrace when an error happens w
V. Comments for CVE-2025-14551
No comments yet