Sensitive Data Exposure in Subiquity from Canonical
CVE-2025-14551

2.7LOW

Key Information:

Vendor: Canonical
Status: Ubuntu
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-14551?

In Subiquity version 24.04.4 for Ubuntu, a vulnerability exists that may expose sensitive user credentials during crash reporting. If an installation fails and a bug report is submitted to Launchpad, the logs may inadvertently include plaintext information such as the user's Wi-Fi password and other identity data, posing a significant risk to user privacy and security. Canonical has recognized this issue and provides patches to mitigate the risk of unintentional data leakage.

Affected Version(s)

Ubuntu Linux 0 <= 24.04.4

Ubuntu Linux 0 <= 25.10

Ubuntu Linux 0 <= 25.04

References

https://github.com/canonical/subiquity/pull/2358

patchissue-tracking

https://github.com/canonical/subiquity/pull/2357

patchissue-tracking

CVSS V4

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2025-14551 Data

JSON