Two information disclosure vulnerabilities have been discovered in Apport and systemd-coredump, the core dump handlers used in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could allow a local attacker to obtain access to sensitive information. Tools such as Apport and systemd-coredump are designed to handle crash reporting and core dumps on Linux systems.
“These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump,” Saeed Abbasi, product manager at Qualys TRU, said in a note.
A brief description of the two flaws is below:
- CVE-2025-5054 (CVSS score: 4.7) - A race condition in the Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID reuse by leveraging namespaces.
- CVE-2025-4598 (CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary in order to access the original process’s privileged core dump.
SUID, short for Set User ID, is a special file permission that allows a user to execute a program with the privileges of its owner rather than with their own permissions.
“When analyzing application crashes, Apport attempts to detect whether the crashing process was running inside a container before performing consistency checks on it,” Canonical’s Octavian Galland said in a note.
“This means that if a local attacker manages to induce a crash in a privileged process and quickly replace it with another process with the same process ID that resides inside a mount and PID namespace, Apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”
Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity of pulling off an exploit for the vulnerability, noting that the attacker must first win the race condition and must have an unprivileged local account.
As a mitigation, Red Hat said users can run the command “echo 0 > /proc/sys/fs/suid_dumpable” as root to prevent the system from creating core dumps for SUID binaries.
The /proc/sys/fs/suid_dumpable parameter essentially controls whether SUID programs can produce core dumps when they crash. Setting it to zero disables core dumps for all SUID programs, which also means they can no longer be analyzed in the event of a crash.
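The following shell script is an added example, not code from the article or from Red Hat, that shows how an administrator can audit the suid_dumpable setting described above and apply the mitigation both at runtime and persistently. The interpretation of the three values follows the kernel’s sysctl documentation; the file paths are parameters so the functions can be exercised against a temporary file, and the drop-in name /etc/sysctl.d/99-suid-dumpable.conf is an assumed, arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the article): audit and mitigate fs.suid_dumpable.

# Interpret a fs.suid_dumpable value (semantics per the kernel's sysctl/fs documentation):
#   0 = default:  processes that changed credentials (e.g. SUID) are not dumped
#   1 = debug:    every process dumps core, owned by its fsuid (exposes SUID memory)
#   2 = suidsafe: SUID dumps are written root-only (0600) or handed to a core_pattern pipe helper,
#                 so confidentiality then depends entirely on that helper
describe_suid_dumpable() {
  case "$1" in
    0) echo "default: SUID processes do not produce core dumps (mitigated)" ;;
    1) echo "debug: all processes dump core, dump owned by the crashing user (exposed)" ;;
    2) echo "suidsafe: SUID dumps go to root or the core_pattern helper (depends on the helper)" ;;
    *) echo "unknown value: $1"; return 1 ;;
  esac
}

# Read the current value. The path defaults to the live sysctl file but is a parameter
# so the function can be tested against a temporary file.
read_suid_dumpable() {
  path="${1:-/proc/sys/fs/suid_dumpable}"
  if [ -r "$path" ]; then
    tr -d '[:space:]' < "$path"
  else
    echo "unavailable"
  fi
}

# Succeeds (exit 0) only when the knob is set to 0.
is_mitigated() {
  [ "$(read_suid_dumpable "${1:-/proc/sys/fs/suid_dumpable}")" = "0" ]
}

# Apply Red Hat's mitigation: write 0 to the runtime knob (requires root on a real system)
# and persist it through a sysctl.d drop-in so it survives a reboot.
# Both paths are parameters for testability; the drop-in name is an assumed choice.
apply_mitigation() {
  runtime="${1:-/proc/sys/fs/suid_dumpable}"
  dropin="${2:-/etc/sysctl.d/99-suid-dumpable.conf}"
  echo 0 > "$runtime" || return 1
  printf 'fs.suid_dumpable = 0\n' > "$dropin" || return 1
}

# Print a one-line audit of the live setting; never fails so it is safe to run unprivileged.
audit_suid_dumpable() {
  cur="$(read_suid_dumpable)"
  echo "fs.suid_dumpable = $cur -> $(describe_suid_dumpable "$cur")"
  if is_mitigated; then
    echo "OK: SUID core dumps are disabled"
  else
    echo "Action: run 'sysctl -w fs.suid_dumpable=0' as root (or apply_mitigation) until systemd/apport are patched"
  fi
  return 0
}

audit_suid_dumpable
```

Running the script unprivileged only reports the current state; applying the mitigation needs root, and as Red Hat notes it trades away crash analysis for SUID binaries until the packages are updated.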
“While this mitigates the vulnerability until the systemd package can be updated, it disables crash analysis for such binaries,” Red Hat said in a note.
Similar advisories have also been issued by Amazon Linux, Debian, and Gentoo. It is worth noting that default Debian systems are not susceptible to CVE-2025-4598, as they do not include any core dump handler unless the systemd-coredump package is installed manually. CVE-2025-4598 does not affect Ubuntu releases.
Qualys has also developed proof-of-concept (PoC) code for both vulnerabilities, demonstrating how a local attacker can exploit the core dump of a crashed unix_chkpwd process, which is used to verify a user’s password, to obtain password hashes from the /etc/shadow file.
Canonical, in an alert, said the impact of CVE-2025-5054 is limited to the confidentiality of the memory of invoked SUID executables, and that the PoC exploit’s ability to leak hashed passwords has limited real-world impact.
“Exploiting vulnerabilities in Apport and systemd-coredump can severely compromise confidentiality, as attackers can extract sensitive data such as passwords, encryption keys, or customer information from core dumps,” Abbasi said.
“The fallout includes operational downtime, reputational damage, and potential failure to comply with regulations. To mitigate these multifaceted risks, enterprises must adopt proactive security measures by prioritizing patches and mitigations, implementing robust monitoring, and tightening access controls.”