Improper File Permissions Vulnerability in Canonical's Apport Tool
CVE-2025-5467

1.9 LOW

Key Information:

Vendor: Canonical

CVE Published: 10 December 2025

What is CVE-2025-5467?

In Canonical's Apport crash reporting tool, the process_crash() function was found to handle crash file ownership improperly. As a result, potentially sensitive crash information could become accessible to unauthorized groups, raising significant privacy and security concerns. Apply the available patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

apport 2.20.11-0ubuntu82 < 2.20.11-0ubuntu82.7

apport 2.32.0 < 2.32.0-0ubuntu5.1

apport 2.20.9 < 2.20.9-0ubuntu7.29+esm1

CVSS V4

Score: 1.9
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rich Mirch