CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
BaseDraft
Description
The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-150 · CAPEC-204 · CAPEC-37 · CAPEC-545
CVEs mapped to this weakness (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15480 | Cri | 0.52 | 9.1 | 0.00 | Apr 9, 2026 | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs. | |
| CVE-2025-14551 | Hig | 0.46 | 8.1 | 0.00 | Apr 9, 2026 | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs. | |
| CVE-2025-32257 | Med | 0.35 | 5.3 | 0.02 | Apr 4, 2025 | Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7. |