Sensitive User Credential Leak in Ubuntu's Desktop Provision Tool
CVE-2025-15480

2.7LOW

Key Information:

Vendor: Canonical
Status: Ubuntu
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-15480?

In Ubuntu's desktop-provision version 24.04.4, sensitive user credentials may be inadvertently exposed during the crash reporting process. If a user encounters an installation failure and chooses to submit a bug report to Launchpad, the logs attached may contain the user's password hash, posing a significant privacy risk. This issue highlights the importance of securing user data and preventing any leaks that could compromise personal information.

Affected Version(s)

Ubuntu Linux 0 <= 24.04.4

Ubuntu Linux 0 <= 25.10

Ubuntu Linux 0 <= 25.04

References

https://github.com/canonical/ubuntu-desktop-provision/pul...

patchissue-tracking

https://github.com/canonical/ubuntu-desktop-provision/pul...

patchissue-tracking

CVSS V4

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2025-15480 Data

JSON

Canonical

What is CVE-2025-15480?

Affected Version(s)

References

CVSS V4

Timeline