Two critical local information-disclosure vulnerabilities affecting millions of Linux systems worldwide, potentially allowing attackers to extract sensitive password data through core dump manipulation.
The first vulnerability, CVE-2025-5054, affects Ubuntu’s Apport crash reporting system, while the second, CVE-2025-4598, impacts systemd-coredump, the default core dump handler used across Red Hat Enterprise Linux 9 and 10, as well as Fedora distributions.
9·29 days ago