Ubuntu Apport Vulnerability CVE-2025-5054: Local Privilege Escalation Risk – Patch Now

Ubuntu Apport Vulnerability CVE-2025-5054: Local Privilege Escalation Risk – Patch Now

When applications crash on Linux, they often generate a core dump — a snapshot of the app’s memory at the time of failure. These files are essential for developers to debug and fix issues. However, a new vulnerability has been found in Ubuntu’s Apport crash reporter , used by default in Ubuntu and some derivatives like AnduinOS.

The flaw, tracked as CVE-2025-5054 with a CVSS score of 4.7 (Medium) , could allow attackers with local access to leak sensitive data , including hashed user passwords, from privileged processes.

How Does the Attack Work?

Apport checks whether a crashed process was running inside a container before analyzing it. An attacker who can crash a privileged process and quickly replace it with another under the same process ID — within both a mount and PID namespace — may trick Apport into forwarding the core dump. This dump can contain sensitive system data.

Importantly, this attack requires:

• Local access to the machine
• High-level privileges to manipulate namespaces and process IDs

This makes the exploit difficult to carry out in most real-world scenarios , though still a concern for shared or compromised systems.

How to Fix It

Canonical has already released patches for all affected versions of Ubuntu, including both desktop and server editions.

To update your system:

sudo apt update && sudo apt upgrade

If you want to update only Apport and related packages:

For Ubuntu 20.04 and newer:

sudo apt update && sudo apt install –only-upgrade apport python3-apport

For Ubuntu 16.04 and 18.04: