Apport Crash Reporter: Incorrect Group Ownership Exposure
CVE-2025-5467 Published on December 10, 2025
Ubuntu Apport Insecure File Permissions Vulnerability
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
Weakness Type
Incorrect Ownership Assignment
The software assigns an owner to a resource, but the owner is outside of the intended control sphere. This may allow the resource to be manipulated by actors outside of the intended control sphere.
Products Associated with CVE-2025-5467
Affected Versions
Canonical apport:
- Versions from 2.20.11-0ubuntu82 up to, but not including, 2.20.11-0ubuntu82.7 are affected.
- Versions from 2.32.0 up to, but not including, 2.32.0-0ubuntu5.1 are affected.
- Versions from 2.20.9 up to, but not including, 2.20.9-0ubuntu7.29+esm1 are affected.
- Versions from 2.28.1 up to, but not including, 2.28.1-0ubuntu3.6 are affected.
- Versions from 2.33.0 up to, but not including, 2.33.0-0ubuntu1 are affected.
- Versions from 2.20.1 up to, but not including, 2.20.1-0ubuntu2.30+esm5 are affected.
- Versions from 2.20.11-0ubuntu27 up to, but not including, 2.20.11-0ubuntu27.28 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.