Critical severity9.1NVD Advisory· Published Apr 9, 2026· Updated Apr 17, 2026

CVE-2025-15480

Description

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

Affected products

Canonical (company)/Ubuntu Desktop Provision
cpe:2.3:a:canonical:ubuntu_desktop_provision:24.04.4:*:*:*:*:*:*:*

Patches

9327345c4c72

https://github.com/canonical/ubuntu-desktop-provisionvia nvd-ref

PR #1399

e730628911fd

https://github.com/canonical/ubuntu-desktop-provisionvia nvd-ref

PR #1400

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/canonical/ubuntu-desktop-provision/pull/1399nvdIssue TrackingPatch
github.com/canonical/ubuntu-desktop-provision/pull/1400nvdIssue TrackingPatch

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000