Description

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

INFO

Published Date :

2026-04-09T15:03:58.798Z

Last Modified :

2026-04-09T15:03:58.798Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2025-14551 vulnerability.

Vendors Products
Canonical
  • Ubuntu
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14551.

URL Resource
https://github.com/canonical/subiquity/pull/2357 cve-icon cve-icon
https://github.com/canonical/subiquity/pull/2358 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability