CVE-2025-5467 – This vulnerability in Canonical's Apport crash ... (How to Fix)

Q: What is the severity of CVE-2025-5467?

CVE-2025-5467 has a CVSS score of 3.3 (LOW). This vulnerability in Canonical's Apport crash reporting tool creates crash files with incorrect group ownership, potentially exposing sensitive crash information to unauthorized users. It affects Ubuntu systems with Apport enabled. The exposure is limited to local users who can access files with incorrect permissions.

📋 TL;DR

This vulnerability in Canonical's Apport crash reporting tool creates crash files with incorrect group ownership, potentially exposing sensitive crash information to unauthorized users. It affects Ubuntu systems with Apport enabled. The exposure is limited to local users who can access files with incorrect permissions.

💻 Affected Systems

Products:

Canonical Apport

Versions: Specific versions not detailed in references, but appears to affect recent Ubuntu versions with Apport

Operating Systems: Ubuntu Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where Apport is enabled and processing crash reports. Apport may be disabled by default on some Ubuntu installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive system information from crash reports could be accessed by unauthorized local users, potentially revealing configuration details, memory contents, or other data that could aid further attacks.

🟠

Likely Case

Limited information disclosure to local users who happen to be in groups that shouldn't have access to crash files, potentially exposing some system details but not critical secrets.

🟢

If Mitigated

Minimal impact with proper file permissions and group management in place, as the vulnerability only affects group ownership, not world-readable permissions.

🌐 Internet-Facing: LOW - This is a local privilege issue requiring local access to the system.

🏢 Internal Only: MEDIUM - Internal users with shell access could potentially exploit this to gain unauthorized access to crash information.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Exploitation requires local access and knowledge of where crash files are stored.

Exploitation requires local user access to the system and ability to read files in directories where crash reports are stored.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Ubuntu security updates for Apport package

Vendor Advisory: https://bugs.launchpad.net/apport/+bug/2106338

Restart Required: No

Instructions:

1. Run 'sudo apt update' 2. Run 'sudo apt upgrade apport' 3. Verify the update completed successfully

🔧 Temporary Workarounds

Disable Apport

linux

Completely disable the Apport crash reporting service

sudo systemctl stop apport
sudo systemctl disable apport
echo 'enabled=0' | sudo tee /etc/default/apport

Restrict crash directory permissions

linux

Manually set correct permissions on Apport crash directories

sudo chmod 750 /var/crash
sudo chown root:adm /var/crash

🧯 If You Can't Patch

Disable Apport crash reporting service entirely
Implement strict file permission monitoring on /var/crash directory

🔍 How to Verify

Check if Vulnerable:

Check if Apport is running: 'systemctl status apport' and check Apport version: 'dpkg -l | grep apport'

Check Version:

dpkg -l | grep apport

Verify Fix Applied:

Check Apport package version after update and verify /var/crash directory permissions: 'ls -la /var/crash'

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to /var/crash directory
Failed permission attempts on crash files

Network Indicators:

None - this is a local file system vulnerability

SIEM Query:

Process monitoring for unusual file reads from /var/crash/* or permission changes to crash files

📊 Metadata

CVE ID: CVE-2025-5467

CVSS v3 Score: 3.3 (LOW)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-708

EPSS Score: 0.02% exploit probability (3.4th percentile)

Published: December 10, 2025

Last Updated: December 17, 2025

🔗 References

https://bugs.launchpad.net/apport/+bug/2106338 Exploit,Third Party Advisory
https://www.stratascale.com/resource/cve-2025-32462-ubuntu-apport-vulnerability/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5467, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apport by Canonical

Apport by Canonical

Apport by Canonical

Apport by Canonical

Apport by Canonical

Apport by Canonical

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Apport

Restrict crash directory permissions

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities