CVE-2025-14551 — HIGH (8.1)

Vulnerability Description

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Subiquity	24.04.4

Related Weaknesses (CWE)

CWE-1258

References

https://github.com/canonical/subiquity/pull/2357Issue TrackingPatch
https://github.com/canonical/subiquity/pull/2358Issue TrackingPatch

FAQ

What is CVE-2025-14551?

CVE-2025-14551 is a vulnerability with a CVSS score of 8.1 (HIGH). In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include cer...

How severe is CVE-2025-14551?

CVE-2025-14551 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-14551?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Subiquity.