High severity8.1NVD Advisory· Published Apr 9, 2026· Updated Apr 17, 2026

CVE-2025-14551

Description

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

Affected products

Canonical (company)/Ubuntu Subiquity
cpe:2.3:a:canonical:ubuntu_subiquity:24.04.4:*:*:*:*:*:*:*

Patches

794a4acbdbc6

https://github.com/canonical/subiquityvia nvd-ref

PR #2357

62f93c2c1cce

https://github.com/canonical/subiquityvia nvd-ref

PR #2358

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/canonical/subiquity/pull/2357nvdIssue TrackingPatch
github.com/canonical/subiquity/pull/2358nvdIssue TrackingPatch

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000