According to the Qualys Threat Research Unit (TRU), two information disclosure flaws have been identified in Apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora.
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race conditions that could enable a local attacker to gain access to sensitive information. Tools such as Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
Saeed Abbasi, product manager at Qualys TRU, said, “These race conditions allow a local attacker to take advantage of a SUID program and reach the resulting core dump.”
A brief description of the two flaws is below:
- CVE-2025-5054 (CVSS score: 4.7) – A race condition in the Canonical Apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information through PID reuse by taking advantage of namespaces.
- CVE-2025-4598
SUID, short for Set User ID, is a special file permission that allows a user to execute a program with the privileges of its owner rather than their own permissions.
“When analyzing the application crash, it attempts to find out whether the crashing process was running inside a container,” Canonical’s Octavio Galland said.
“This means that if a local attacker manages to induce a crash in a privileged process and quickly replace it with another one with the same process ID that lives inside a mount and PID namespace, Apport will try to forward the core dump (which may contain sensitive information belonging to the original, privileged process) into the namespace.”
Red Hat said CVE-2025-4598 has been rated Moderate in severity because of the high complexity of developing an exploit for the vulnerability, given that the attacker must first win the race condition and be in possession of an unprivileged local account.
As a mitigation, Red Hat said users can run the command “echo 0 > /proc/sys/fs/suid_dumpable” as the root user to disable the ability of a system to generate core dumps for SUID binaries.
The “/proc/sys/fs/suid_dumpable” parameter controls whether SUID programs can produce a core dump when they crash. Setting it to zero disables core dumps for all SUID programs and prevents them from being analyzed in the event of a crash.
“While this mitigates the vulnerability when it is not possible to update the systemd package, it disables the ability to analyze crashes for such binaries,” Red Hat said.
Similar advisories have been released by Amazon Linux, Debian, and Gentoo. It is worth noting that Debian systems are not susceptible to CVE-2025-4598 by default, as they do not include any core dump handler unless the systemd-coredump package is manually installed. CVE-2025-4598 does not affect Ubuntu releases.
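A host check covering both points above, the registered core dump handler and the suid_dumpable setting, written as an added example that is not from Red Hat, Qualys or the original article. The PROC_ROOT variable and the function names are assumptions introduced here, and the handler is recognised only by the apport or systemd-coredump substring in core_pattern.

```sh
#!/bin/sh
# Added example: report whether SUID core dumps can reach Apport or
# systemd-coredump on this host. PROC_ROOT is a hypothetical override so
# the functions can be exercised against constructed files.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Classify the handler registered in kernel.core_pattern.
# A leading "|" means the kernel pipes the dump to a program.
core_handler() {
    pattern=$(cat "$PROC_ROOT/sys/kernel/core_pattern" 2>/dev/null) || { echo unknown; return; }
    case "$pattern" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# Translate fs.suid_dumpable: 0 = no dumps for SUID programs,
# 1 = debug (always dump), 2 = suidsafe (dump in a restricted way).
suid_dump_state() {
    value=$(cat "$PROC_ROOT/sys/fs/suid_dumpable" 2>/dev/null) || { echo unknown; return; }
    case "$value" in
        0) echo disabled ;;
        1) echo debug ;;
        2) echo suidsafe ;;
        *) echo unknown ;;
    esac
}

# Return 0 when the mitigation is active or neither handler is registered,
# 1 when SUID dumps can still reach one of the two handlers.
audit() {
    handler=$(core_handler)
    state=$(suid_dump_state)
    echo "handler=$handler suid_dumpable=$state"
    case "$handler:$state" in
        *:disabled)                  return 0 ;;
        apport:*|systemd-coredump:*) return 1 ;;
        *)                           return 0 ;;
    esac
}

audit || echo "review: SUID dumps reach $(core_handler); patch it or set suid_dumpable to 0"
```

A non-zero result from audit means the package version still needs to be checked against the vendor advisory; it does not by itself show that the host is unpatched.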
Qualys has also developed proof-of-concept (PoC) code for both vulnerabilities, showing how a local attacker can take advantage of a crashed unix_chkpwd process, which is used to verify the validity of a user’s password, to obtain password hashes from the password file.
Canonical, in its own advisory, said the impact of CVE-2025-5054 is limited to the confidentiality of the memory space of invoked SUID executables, and that the PoC exploit can leak hashed user passwords, which has limited real-world impact.
“Exploitation of vulnerabilities in Apport and systemd-coredump can seriously compromise confidentiality at high risk, as attackers can extract sensitive data, such as passwords, encryption keys, or customer information from core dumps,” Abbasi said.
“The fallout includes operational downtime, reputational damage, and potential non-compliance with regulations. To effectively reduce these multifaceted risks, enterprises should adopt proactive security measures by prioritizing patches and mitigations, adopting strong monitoring, and tightening access controls.”