Cybersecurity researchers at Qualys Threat Research Unit (TRU) have disclosed two critical local information-disclosure vulnerabilities that could allow attackers to extract sensitive password hashes from core dump files on millions of Linux systems globally.
The vulnerabilities, designated CVE-2025-5054 and CVE-2025-4598, exploit race conditions in core-dump handling mechanisms used across major Linux distributions, potentially exposing organizations to significant data breaches and compliance violations.
The newly discovered vulnerabilities target fundamental crash-reporting and debugging infrastructure present on most modern Linux systems.
CVE-2025-5054 specifically affects Ubuntu’s Apport crash-reporting framework, while CVE-2025-4598 exploits systemd-coredump, the default core-dump handler implemented across Red Hat Enterprise Linux, Fedora, and numerous other systemd-based distributions.
Both vulnerabilities stem from race condition vulnerabilities that enable local attackers to manipulate the timing of core dump generation processes.
When a SUID (Set User ID) program crashes, these race conditions allow attackers to gain unauthorized read access to the resulting core dump files, which can contain sensitive in-memory data including password hashes, encryption keys, and other confidential information.
Qualys researchers have developed proof-of-concept exploits demonstrating how attackers can leverage these vulnerabilities to extract password hashes from the / etc / shadow file by exploiting crashes in the unix _ chkpwd process, a password verification utility installed by default on most Linux distributions.
This attack vector represents a significant escalation pathway for local attackers seeking to obtain elevated privileges or access sensitive user credentials.
Linux Vulnerabilities
The scope of affected systems spans multiple major Linux distributions and versions. Ubuntu systems running version 24.04 are vulnerable, with all Apport versions up to 2.33.0 affected, extending the vulnerabilities window back to Ubuntu 16.04 releases.
Select all the vulnerabilities on the assets you would like to mitigate this vulnerability on, and use Actions-> View Risk Eliminate:
This represents millions of desktop and server installations across enterprise and consumer environments.
Red Hat Enterprise Linux deployments face similar exposure, with RHEL 9 and the recently released RHEL 10 confirmed vulnerable through their systemd-coredump implementations.
Fedora 40 and 41 are also affected, amplifying the potential impact across development and production environments that rely on these cutting-edge distributions.
Notably, Debian systems remain protected by default since they do not include core-dump handlers unless administrators manually install the systemd-coredump package.
However, hybrid environments and custom configurations may still present exposure vectors depending on specific implementation choices.
Mitigations
Organizations can implement immediate protective measures while awaiting official patches from distribution maintainers.
The primary mitigation involves modifying the / proc / sys / fs /suid _ dumpable kernel parameter, setting it to 0 to disable core dump generation for SUID programs entirely.
Qualys has released detection capabilities through QID 383314 via their vulnerability management platform, enabling organizations to identify and prioritize remediation efforts across their infrastructure.
This configuration change prevents exploitation of these vulnerabilities but may impact debugging capabilities for legitimate crash analysis.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?resize=1068,580&ssl=1&description=Cybersecurity researchers at Qualys Threat Research Unit (TRU) have disclosed two critical local information-disclosure vulnerabilities.){kind=link}